
About Us! Rob Stockham, BA IEng MIEE, General Manager, Moore Industries-Europe, Inc; Member, IEE; Honorary Secretary, ISA England; Institute of Directors; Director, The.


2 About Us!
Rob Stockham, BA IEng MIEE
General Manager, Moore Industries-Europe, Inc
Member, IEE
Honorary Secretary, ISA England
Institute of Directors
Director, The CASS Scheme Ltd
Treasurer, The IEC 61508 Association

3 About Us!
Bob Smith, CEng FInstMC MIEE BA
Functional Safety Specialist, Moore Industries-Europe, Inc
Member, IEE
ISA
Fellow, Institute of Measurement and Control


5 SOLD on Safety
We must be ‘sold’ on the commitment to undertake safety-critical and safety-related requirements fully and properly. BUT! We must be careful that we are not ‘sold’ a safety answer that is non-compliant with IEC 61508! Functional Safety is a culture and not a widget you can buy.

6 Selection and Justification of Instruments: ???
Typical Safety Related Loop: Sensor -> Logic Solver -> Actuator
Safety Integrity Level (SIL) Requirement Defined for Loop
For each loop component (sensor, logic solver, actuator): Component Safety Data (PFD, SFF, etc.), PIU and Software
Also to be considered: Environment; Calibration and Maintenance Procedures; Application - Duty
PIU: Proven in Use
PFD: Probability of Failure on Demand
SFF: Safe Failure Fraction

7 How could a loop component be selected?
Selection follows a comprehensive Risk Assessment and Assignment of Safety Integrity Level (SIL) for the whole safety instrumented loop, typically SIL 1, 2, 3 and 4 (SIL 4 being the highest).
Basis for selection: a component selected as having an appropriate Safety Integrity Level (SIL) capability.
Certification ‘Suitable for SIL 3’: but what does this mean?
Alternatively:
a. ‘Proven in Use Claim’, OR
b. ‘Manufacturer Claim’, OR
c. ‘Third Party EXPERT Opinion’
Can this be justified?

8 a. Justification as PROVEN IN USE? By whom?

9 What do the IEC themselves say about ‘proven in use’? http://www.iec.ch/zone/fsafety/compliance.htm

10 This is a question raised on the IEC website:
“D11) Can an E/E/PE safety-related system contain hardware and/or software that was not produced according to IEC 61508, and still comply with the standard (proven in use)?”
and the answer:
“It may be possible to use a proven in use argument as an alternative to meeting the design requirements for dealing with systematic failure causes in IEC 61508, including hardware and software. But it is essential to note that proven in use cannot be used as an alternative to meeting the requirements for: architectural constraints on hardware safety integrity (see 7.4.2.1 of IEC 61508-2); the quantification of dangerous failures of the safety function due to random hardware faults (see 7.4.3.2 of IEC 61508-2); and system behaviour on detection of faults (see 7.4.6 of IEC 61508-2). See 7.4.2.2 of IEC 61508-2 for a summary of design requirements, including references to more detailed systematic hardware requirements in the standard.”

11 and……
“7.4.7.6 of IEC 61508-2 requires that: the previous conditions of use of the subsystem are the same as, or sufficiently close to, those which will be experienced in the E/E/PE safety-related system (see 7.4.7.7 of IEC 61508-2); if the above conditions of use differ in any way, a demonstration is necessary (using a combination of appropriate analytical techniques and testing) that the likelihood of unrevealed systematic faults is low enough to achieve the required safety integrity level of the safety functions which use the subsystem (see 7.4.7.8 of IEC 61508-2); the claimed failure rates have sufficient statistical basis (see 7.4.7.9 of IEC 61508-2); failure data collection is adequate (see 7.4.7.10 of IEC 61508-2); evidence is assessed taking into account the complexity of the subsystem, the contribution made by the subsystem to the risk reduction, the consequences associated with a failure of the subsystem, and the novelty of design (see 7.4.7.11 of IEC 61508-2); and the application of the proven in use subsystem is restricted to those functions and interfaces of the subsystem that meet the relevant requirements (see 7.4.7.12 of IEC 61508-2). A proven in use claim relies on the availability of historical data for both random hardware and systematic failures, and on analytical techniques and testing if the previous conditions of use of the subsystem differ in any way from those which will be experienced in the E/E/PE safety-related system.”

12 And finally,
“7.4.2.11 of IEC 61508-3 allows the use of standard or previously developed software without the availability of historical data but with the emphasis on analysis and testing. This concept should be distinguished from the proven in use concept described above.”

13 In summary: the proven-in-use route is for the end-user, and it requires the collection of comprehensive, statistically significant data on failures experienced in the application, or in a very similar application, being considered. Testing may also be required to support a proven-in-use claim, particularly where the instrument uses software/firmware. Diligence and the weight of supporting evidence required will increase in direct relation to the required Safety Integrity Level.

14 b. Justification using MANUFACTURER'S CLAIM?
Check the basis for the claim. To be compliant with IEC 61508 the Supplier should be able to show:
- ISO 9000:2001 Certification of ALL design and manufacturing procedures.
- Key staff competency and responsibility.
- Functional Safety Management Capability in accordance with IEC 61508-1.
The Supplier should be able to provide documented evidence of the following:
- A documented FMEDA providing safe and dangerous failure rates, diagnostic coverage, Safe Failure Fraction and Hardware Fault Tolerance.
- That hardware design Techniques and Measures, taken against the possibility of systematic hardware failure, are consistent with the required SIL capability.
- That software design Techniques and Measures, taken against the possibility of systematic software faults, are consistent with the required SIL capability.

15 A good, competent manufacturer possessing Functional Safety Management certification should be perfectly capable of providing all the necessary supporting data for the instrument produced, without third party Certification.

16 Can the supplier claim a SIL capability in compliance with IEC61511 instead of IEC61508?

17 Reference IEC 61511-1, Section 1, Scope, para b): “applies when equipment that meets the requirements of IEC61508, or of 11.5 of IEC61511-1, is integrated into an overall system that is to be used for a process sector application but does not apply to manufacturers wishing to claim that devices are suitable for use in safety instrumented systems for the process sector (see IEC61508-2 and IEC61508-3);”

18 c. Justification using THIRD PARTY CERTIFICATION? Does this relieve the end-user of any responsibility? NO! Compliance is always the responsibility of the end-user. Certification by a third party is a potentially useful contribution to a fitness-for-purpose argument, but the same IEC 61508 issues must be covered, documented and visible!

19 c. Justification using THIRD PARTY CERTIFICATION?
Check the basis for the claim. To be compliant with IEC 61508 the Certifier should be able to show:
- ISO 9000:2001 Certification of ALL design and manufacturing procedures.
- Key staff competency and responsibility.
- Functional Safety Management Capability in accordance with IEC 61508-1.
The Certifier should be able to provide documented evidence of the following:
- A documented FMEDA providing safe and dangerous failure rates, diagnostic coverage, Safe Failure Fraction and Hardware Fault Tolerance.
- That hardware design Techniques and Measures, taken against the possibility of systematic hardware failure, are consistent with the required SIL capability.
- That software design Techniques and Measures, taken against the possibility of systematic software faults, are consistent with the required SIL capability.

20 Additionally:

21 The 61508 Association
What is The 61508 Association? The 61508 Association is a cross-industry group of organizations with an interest in achieving a dependable and cost-effective method for demonstrating compliance with IEC 61508 and related standards.
What is the Association for? The purpose of The 61508 Association is to promote the CASS method for providing the integrity, transparency and consistency of the conformity assessment process for all phases of the lifecycle of safety-related systems.
We achieve our purpose by:
- Bringing together all parties with an interest in functional safety
- Identifying and removing obstacles to the profitable application of IEC 61508 and related standards
- Facilitating the improvement in the understanding of and competence in the use of IEC 61508 and related standards
- Working with CASS to ensure that the scheme meets the conformity assessment needs of the functional safety stakeholders
Contact us with any questions: go to www.61508.org.

22 QUESTIONS?
