Det-Tronics CRITICAL SAFETY PROVISO: Why Functional Safety Product Certifiers Must Meet Highest Level of Accreditation (White Paper)
Industry Manual Repository
Join the AnalyzeDetectNetwork and Read This Manual and Hundreds of Others Like It! It's Free!
INDUSTRY WHITE PAPER CRITICAL SAFETY PROVISO: Why Functional Safety Product Certifiers Must Meet Highest Level of Accreditation You need your fire and gas system to function at the highest safety levels. What can you do to make sure it is? A thirdparty evaluation of a manufactured product is preferred over self-certification. But which third-party should you select? What matters in certification? How can you have confidence you have selected fully qualified companies to conduct proper and complete product certification? Helping you answer these questions is this paper’s goal. Common misconceptions include: Misconception 1: product self-certification follows the same rigor as third-party approval Misconception 2: all product certifiers are equally qualified Misconception 3: standards on documentation mean the product has a certain certification Misconception 4: you achieve SIL 3 by using redundant SIL 2 products with SIL 2 process The errors often develop from misunderstood terms. Here are a few key definitions. Standard: an agreed upon description of what satisfies proper function. It uses technical, verifiable language so local and international groups can establish best practice for an industry. IEC 61508 and IEC 60079-29-1 are examples of standards. Accreditation Agency: A group that identifies (accredits) companies that possess the necessary knowledge and rigor to certify function for solutions. They may also be the organization that endorses the standard. ANSI is an Accreditation Agency. Product Certifier: This is a group that has been accredited as able to assess and audit products, services and systems for public safety—meeting the standard—and therefore are able to properly provide certification. exida is a SIL Product Certifier. Certification: establishes that a specific solution (product, service or system) meets the standard. Tested through an assessment, it offers confidence that the solution is safe, functional, and will perform as expected. A functional safety certificate is issued to confirm the assessment was determined compliant. For valid certification, the product certifier must achieve accreditation to the standards used. 2 Self-Certification Is Risky Selection of properly certified flame and gas detection products for safety purposes is vital. Certified products installed to the approved safety codes and standards is crucial—a must. There are many considerations to weigh each step of the way. Operational efficiency, maximum productivity and overall safety require comprehensive attention. Ultimately you need the correct certification, installation and day-to-day operation of a product to achieve the highest safety standard. This paper focuses on the product certification step. Great products properly installed and operated will not achieve functional safety unless the product certification is also legitimate. Often misunderstood, product certification is crucial to safety—it establishes proper functional safety at the extremes and special use conditions. Functional safety allows for failure in a predictable (safe) manner. Therefore mistakes during product certification can reveal themselves in catastrophe. Achieving full and reliable functional safety certification requires careful attention. Compliance with local safety standards is a very complex task. There are thousands of local, regional and national standards and numerous equipment choices, accreditation agencies and third-party product certifiers. Each present a wide and varied set of options. Selection of the product certifier (also known as product certification bodies or notified bodies) requires evaluation of the specific standards and competencies as recognized by the accreditation agency. This paper’s focus is on the certification aspect of functional safety Development Certification Product Standards and Requirements Accreditation Agency Confirms Product Certifier to Standard Manufacturer Makes Product Product Certifier Examines Product for Functional Safety Installation Authority Having Jurisdiction (AHJ) Approves Product Installation To Safety Standard If Product Meets Functional Safety then Certificate Is Issued 3 Product and Installation Meets Codes and Standards (e.g. SIL 2) The accreditation agency and product certifier are often less well known by local operators. The accreditation agency (ANSI, OSHA, CNAS, UKAS are a few) evaluates product certifiers to detailed safety standards that are vetted for competency through a formal process. Companies offering to certify products are numerous (exida, FM, SIRA, UL and TÜV Rheinland are a few). They offer a variety of abilities when it comes to certification. This is a potential weak point in the process. Selecting a product certifier to establish your specific needs will take investigation. The product certifier needs to prove competency in the standards related to your product—you may (and likely will) require more than one product certifier to accomplish your goals. Here is how it should work Certification Development ANSI Codifies Product Standards and Requirements ANSI Confirms exida, LLC as Product Certifier Det-Tronics Makes FlexSight™ LS2000 Line-ofSight Infrared Gas Detector exida, LLC examines Det-Tronics FlexSight™ LS2000 for functional safety 4 Installation Authority Having Jurisdiction (AHJ) Approves Product Installation To Safety Codes and Standards FlexSight™ LS2000 Meets Functional Safety. exida, LLC Issues Certificate Product and Installation Meets Codes and Standards (e.g. SIL 2) Not All Product Certifiers Are Equally Qualified Accreditation agencies are responsible to evaluate product certifiers. Such agencies look for conformance to competency standards to ensure that products are tested and certified by the product certifier to meet expected performance levels. The responsibilities of accreditation agencies go beyond a routine audit of product certifiers. Their work includes: approval of key policy documents, review of the evaluation process, and a monitor of the product certifier audit programs. Accreditation agencies issue the product certifiers an accreditation certificate based on demonstrated competency to standards, including IEC standards. The accreditation agency seeks to ensure that products are properly certified, which generally means: 1. The product is labeled with the registered certification mark; 2. The product certifier issues certification to a well-recognized test standard that is within the certifier’s scope of accreditation; 3. The product certifier issues certification from one of its recognized facility locations. Points 1 and 3 noted above are often well understood and applied. However, few product certifiers issue functional safety certifications per IEC 61508 within their scope of accreditation (item 2 above). Without this crucial step there is no formal evidence of competency, and safety may be compromised. The IEC 61508 standard requires “evidence of competence” for all who perform assessments. While it does not require a formal authorized or accredited status, most customers who purchase IEC 61508-certified products demand a product certifier that demonstrates a high level of technical competence. The product certifier that meets this high level must demonstrate strong competency in the key areas of functional safety. This is demonstrated during an audit by a well established accreditation agency. FORMAL ACCREDITATION MATRIX GROUPS OFFERING PRODUCT CERTIFICATION GROUP A SIL (IEC 61508) PERFORMANCE (IEC 60079-29 SERIES; ISO 7240 SERIES) HAZARDOUS LOCATION (IEC 60079) ACCREDITED GROUP B ACCREDITED GROUP C ACCREDITED GROUP D ACCREDITED GROUP E ACCREDITED ACCREDITED NONE ACCREDITED ACCREDITED ACCREDITED ACCREDITED GROUP F Did you know? It is crucial to check for SIL, performance and hazardous location accreditation so your functional safety goals are achieved. No single group has achieved accreditation in all three areas as of December 2015. Conversely, some groups are offering certification without any accreditation. Buyer beware. 5 For instance, to certify a product meets IEC 61508, the product certifier must have full competency in functional safety areas such as: • • • • • • • Mechanical design (stress conditions, useful life and systematic design procedures) Software design (software failure mechanisms and systematic design procedures) Electronic hardware (electronic hardware failure mechanisms and systematic design procedures) Hardware Failure Modes, Effects and Diagnostic Analysis (FMEDA) Hardware probabilistic failure analysis (stress conditions and useful life) Software and hardware testing procedures and methods Quality procedures, document control and functional safety management What You Can (and Can’t) Learn from Documentation Evaluation of products can be enhanced through an assessment of the product certificate. Certificates provide additional details to assist in selection of products. Each certificate includes the standards met and the year of release used to issue certification. For functional safety certification, this date and standard met is critical to properly compare products. For instance, the IEC 61508:2000 (Edition 1) Series released version has more optimistic Safe Failure Fraction values (therefore less safe) as compared to the 2010 (Edition 2) released version. This significant difference is due to the fact that the FMEDA calculations now require the exclusion of non-safety related components. The newer PRODUCTS REDUNDANCY PROCESS RESULT standard was improved to demand relevant component assessment, informative safety manual, development tools and software SIL 2 + NO + SIL 2 = SIL 2 traceability are considered for each product. Another important element of Functional Safety Certification is that SIL 3 manufacturer SIL 2 + YES + SIL 2 = SIL 2 process capability must be given consideration when issuing a SIL 3 capable certificate. It is no longer acceptable for a SIL 2 manufacturer to claim a SIL 3 product simply by requiring redundancy (HFT = 1). SIL 2 + YES + SIL 3 = SIL 3 They must first prove they have a SIL 3 compliant development process. Process capability is fundamentally necessary as a systematic measure in assuring product SIL 3 + NO + SIL 3 = SIL 3 design robustness. Product certifiers with competency in Functional Safety Certification will ensure product and process compliance to manufacturer claimed capability. Misconception 4: Thinking that redundancy of SIL 2 products and a SIL 2 process equals SIL 3. This is not true. 6 Additional information on manufacturer’s claimed capabilities can be obtained by reviewing the Product Safety Manual. This is necessary to determine the robustness of the product and process safety certifications. The product’s Proof Test Interval, which is contained within the Safety Manual, defines necessary maintenance required during product use to assure on-going proper functionality. There are cases when a product claims a high SIL capability but it requires expensive field maintainence. This and other claimed capabilities noted in the Safety Manual should be reviewed in detail when comparing products. It is also very important to note that a SIL capable certification does not mean that the product is performance approved. A SIL capable product certificate may list a variety of codes and standards. Such a list must not be mistaken for compliance to each as mentioned at the start of this paper. It may only reference that during evaluation such codes and standards were considered. Codes are not accreditable by any agency—the only way for a product to be properly certified is if a product certifier tests and evaluates it to the related standard, and the product certifier is recognized as competent for the standard by an accreditation agency. Some who offer product certifications are not able to issue accreditation certifications to the standard you seek. Summary Products designed to reduce risks in hazardous industrial applications must be certified to particular standards. Those who offer product certification are responsible for examining these products to ensure that they meet functional safety requirements. Not all product certifiers are in a position to accomplish what you require. Functional safety product certification by a product certifier accredited to IEC 61508 is imperative. The accredited product certifier should have proven competency to ensure not only product and process compliance, but that all relevant information is reflected within the manufacturer’s safety manual. The safety manual and supporting manufacturer’s documentation must be followed completely to ensure safe use of product and proper functionality of the ‘Safety Function.’ Only then can full and proper compliance ensure the highest possible level of product reliability for safety purposes. ACCREDITATION ASSESMENT MATRIX GROUPS OFFERING PRODUCT CERTIFICATION SIL (IEC 61508) PERFORMANCE (IEC 60079-29 SERIES; ISO 7240 SERIES) HAZARDOUS LOCATION (IEC 60079) ACCREDITED NOT ACCREDITED NOT ACCREDITED NOT ACCREDITED ACCREDITED NOT ACCREDITED NOT ACCREDITED NOT ACCREDITED ACCREDITED NOT ACCREDITED ACCREDITED ACCREDITED ACCREDITED ACCREDITED NOT ACCREDITED ACCREDITED ACCREDITED ACCREDITED NOT ACCREDITED NOT ACCREDITED NOT ACCREDITED Use this matrix to evaluate your process. Evaluate the abilities of groups in your area offering certification. Are they accredited to the level you need? In which areas are they and which areas are they not established as credible resources. In short, Product Certifiers prove their worth through accreditation. Make sure you align their accreditation to the products you need certified for functional safety. Questions? Contact your local Det-Tronics office ( 7 AUTHORS: Jon D. Miller, Approvals Engineering Manager (primary) Mark Gaalswyk, Systems Group Leader (contributing) For more information or help clarifying which accreditations are crucial for your safety contact your local Det-Tronics office. An earlier version of this report was published in SPE Offshore Europe Conference 2015. FlexSonic® Acoustic Leak Detector X3301 Multispectrum IR Flame Detector PointWatch Eclipse® IR Combustible Gas Detector FlexVu® Universal Display with GT3000 Toxic Gas Detector Eagle Quantum Premier ® Safety System 74-1008 1.0 Corporate Office 6901 West 110 th Street Minneapolis, MN 55438 USA Phone: +1 952.941.5665 Toll-free: +1 800.765.3473 Fax: +1 952.829.8750 All trademarks are the property of their respective owners. © 2016 Detector Electronics Corporation. All rights reserved. Det-Tronics is certified to ISO 9001:2008 in all manufacturing processes.