Functional Safety – Demystifying Product Certificates

Reproduction of Certificate by kind permission of Rotork Controls Plc

IEC 61508:2010 does not state that certification of products is necessary to claim compliance with the requirements of the standard. However, certification of products can be used to support its integrity, availability and reliability, once it is implemented within a safety instrumented system (SIS).

The current methodology of issuing certificates to IEC 61508 does not follow a uniform approach, nor is it supported by a conformity assessment scheme. This means that Certification Bodies can follow their own interpretation of the requirements, resulting in varying degrees of information being present on certificates and reports.

The challenge for a manufacturer or a system integrator is, therefore, truly understanding what they have bought, and whether the product can indeed perform to the desired level of integrity as part of a SIS.

Ultimately, ambiguous and inconsistent data on a certificate can leave manufacturers paying for certification that carries no weight once the product reaches the bidding stage.

So, what information would you expect to see in your Functional Safety certificate and how do you know that it is correct?

The following outlines the key parameters and information that should be available within the certificate, providing end users and system integrators with enough information to satisfy themselves that the desired safety integrity level (SIL) of their system can be achieved.

How do you demonstrate that a product complies with the requirements of IEC 61508:2010?

The product safety function assessment should deliver the main parameters defined in the requirements of IEC 61508:2010 for the intended SIL and show that the product is capable of use in the safety instrumented function. You need to demonstrate that your product meets the requirements of IEC 61508:2010 for the applicable SIL when being used to carry out the safety function it has been designed for.

How can this be achieved? For best practice, the following information should be included in all Functional Safety product certificates as a minimum:

• Random Hardware Safety Integrity Capability (SIL).
• Systematic Safety Integrity Capability (SC).
• Route of compliance (1H, 2H, 1S, 2S or 3S).
• Assessment Standard: ensure the latest version of IEC 61508 is used (i.e. IEC 61508:2010).
• Product Type (Type A, Type B as per clause of IEC 61508:2010-2).
• Failure rates (λsu, λsd, λdu & λdd).
• Probability of dangerous failure on demand (PFD).
• Probability of dangerous failure per hour (PFH).
• Safe Failure Fraction (SFF).
• Hardware Fault Tolerance (HFT).
• Diagnostic Coverage (DC).
• Safety function definition of the product.
• Safety function demand type.
• Proof test interval.

Including the above parameters mitigates the issues described earlier and gives certified products a clear, unambiguous basis.
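As an added illustration (not part of the original article or of any certificate), the script below recomputes the figures listed above from constructed failure rates so that a certificate's SFF, DC, PFDavg/PFH and claimed SIL can be cross-checked against IEC 61508 for a single-channel (1oo1) device. The simplified 1oo1 PFDavg and PFH formulas, the `CertificateFigures` class and all numeric values are assumptions of this example.

```python
"""Recompute the hardware-integrity figures of an IEC 61508 certificate from its
failure rates, so the SFF, DC, PFDavg/PFH and SIL printed on it can be cross-checked.
Single-channel (1oo1), Route 1H, constant failure rates (assumed simplifications):
  SFF = (l_sd+l_su+l_dd)/(l_sd+l_su+l_dd+l_du)   DC = l_dd/(l_dd+l_du)
  PFDavg ~ l_du*T_proof/2 (low demand, ideal proof test)   PFH ~ l_du (high demand)
"""
from dataclasses import dataclass

# IEC 61508-1 target failure measures per SIL: (SIL, lower bound, upper bound)
PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))
PFH_BANDS = ((4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))
# IEC 61508-2 Tables 2/3: max SIL at HFT 0 per SFF band (<60%, 60-90%, 90-99%, >=99%);
# each extra fault tolerated raises the limit by one SIL, capped at 4; 0 = not allowed.
ARCH_HFT0 = {"A": (1, 2, 3, 3), "B": (0, 1, 2, 3)}

def sil_from_measure(value: float, bands) -> int:
    for sil, lo, hi in bands:
        if lo <= value < hi:
            return sil
    return 0  # outside every SIL band

def sil_from_architecture(product_type: str, hft: int, sff: float) -> int:
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return min(ARCH_HFT0[product_type][band] + hft, 4)

@dataclass
class CertificateFigures:
    l_sd: float; l_su: float; l_dd: float; l_du: float  # failure rates per hour
    proof_test_h: float   # proof test interval, hours
    product_type: str     # "A" or "B"
    hft: int              # hardware fault tolerance

    def sff(self) -> float:
        safe_or_detected = self.l_sd + self.l_su + self.l_dd
        return safe_or_detected / (safe_or_detected + self.l_du)
    def dc(self) -> float:
        return self.l_dd / (self.l_dd + self.l_du)
    def pfd_avg(self) -> float:
        return self.l_du * self.proof_test_h / 2
    def pfh(self) -> float:
        return self.l_du
    def claimable_sil(self, low_demand: bool = True) -> int:
        """The lower of the failure-measure SIL and the architectural-constraint SIL."""
        measure = self.pfd_avg() if low_demand else self.pfh()
        by_measure = sil_from_measure(measure, PFD_BANDS if low_demand else PFH_BANDS)
        return min(by_measure, sil_from_architecture(self.product_type, self.hft, self.sff()))

# Constructed figures, not from any real certificate; one-year proof test interval.
EXAMPLE = CertificateFigures(l_sd=1e-6, l_su=5e-7, l_dd=1.8e-6, l_du=2e-7,
                             proof_test_h=8760, product_type="A", hft=0)
```

With these figures the same hardware reaches SIL 3 as a Type A device but is capped at SIL 2 as Type B with HFT 0, which is why the product type must appear on the certificate.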

Key Takeaways

1) Request supporting assessment reports that have been used as the basis of certification.
2) Investigate what basis third parties have for offering certification (do they have the relevant accreditation?).
3) When certified by a non-accredited third party, perform due diligence to verify that the information within the certificate is in accordance with IEC 61508:2010.
4) Ensure both random hardware safety integrity and systematic safety integrity have been assessed and included within the certificate.

CSA Group (Sira Certification Service) is a UKAS accredited certification body for a range of hazardous area certification schemes, including Functional Safety. For more information regarding Functional Safety please contact us.

Tel: +44(0)1244 670 900

Published in Valve User Magazine Issue 40

Winter 2019 // Issue 51