Det-Tronics CRITICAL SAFETY PROVISO: Why Functional Safety Product Certifiers Must Meet Highest Level of Accreditation (White Paper)
Industry Manual Repository
Join the AnalyzeDetectNetwork and Read This Manual and Hundreds of Others Like It! It's Free!
INDUSTRY WHITE PAPER
CRITICAL SAFETY PROVISO:
Why Functional Safety
Product Certifiers Must Meet
Highest Level of Accreditation
You need your fire and gas system to function at the highest
safety levels. What can you do to make sure it is? A thirdparty evaluation of a manufactured product is preferred over
self-certification. But which third-party should you select?
What matters in certification? How can you have confidence
you have selected fully qualified companies to conduct
proper and complete product certification?
Helping you answer these questions is this paper’s goal. Common misconceptions include:
Misconception 1: product self-certification follows the same rigor as third-party approval
Misconception 2: all product certifiers are equally qualified
Misconception 3: standards on documentation mean the product has a certain certification
Misconception 4: you achieve SIL 3 by using redundant SIL 2 products with SIL 2 process
The errors often develop from misunderstood terms. Here are a few key definitions.
Standard: an agreed upon description of what satisfies proper function. It uses technical,
verifiable language so local and international groups can establish best practice for an
industry. IEC 61508 and IEC 60079-29-1 are examples of standards.
Accreditation Agency: A group that identifies (accredits) companies that possess the
necessary knowledge and rigor to certify function for solutions. They may also be the
organization that endorses the standard. ANSI is an Accreditation Agency.
Product Certifier: This is a group that has been accredited as able to assess and audit
products, services and systems for public safety—meeting the standard—and therefore
are able to properly provide certification. exida is a SIL Product Certifier.
Certification: establishes that a specific solution (product, service or system) meets
the standard. Tested through an assessment, it offers confidence that the solution is
safe, functional, and will perform as expected. A functional safety certificate is issued to
confirm the assessment was determined compliant. For valid certification, the product
certifier must achieve accreditation to the standards used.
www.det-tronics.com
2
Self-Certification Is Risky
Selection of properly certified flame and gas detection products for safety purposes is
vital. Certified products installed to the approved safety codes and standards is crucial—a
must. There are many considerations to weigh each step of the way. Operational
efficiency, maximum productivity and overall safety require comprehensive attention.
Ultimately you need the correct certification, installation and day-to-day operation of a
product to achieve the highest safety standard.
This paper focuses on the product certification step. Great products properly installed
and operated will not achieve functional safety unless the product certification is also
legitimate. Often misunderstood, product certification is crucial to safety—it establishes
proper functional safety at the extremes and special use conditions. Functional safety
allows for failure in a predictable (safe) manner. Therefore mistakes during product
certification can reveal themselves in catastrophe. Achieving full and reliable functional
safety certification requires careful attention.
Compliance with local safety standards is a very complex task. There are thousands of local,
regional and national standards and numerous equipment choices, accreditation agencies and
third-party product certifiers. Each present a wide and varied set of options. Selection of the
product certifier (also known as product certification bodies or notified bodies) requires evaluation
of the specific standards and competencies as recognized by the accreditation agency.
This paper’s focus is on the certification aspect of functional safety
Development
Certification
Product
Standards and
Requirements
Accreditation
Agency Confirms
Product Certifier
to Standard
Manufacturer
Makes Product
Product Certifier
Examines Product
for Functional
Safety
Installation
Authority Having
Jurisdiction (AHJ)
Approves Product
Installation To
Safety Standard
If Product Meets
Functional Safety
then Certificate Is
Issued
3
Product and
Installation
Meets Codes and
Standards
(e.g. SIL 2)
www.det-tronics.com
The accreditation agency and product certifier are often less well known by local operators. The
accreditation agency (ANSI, OSHA, CNAS, UKAS are a few) evaluates product certifiers to detailed
safety standards that are vetted for competency through a formal process.
Companies offering to certify products are numerous (exida, FM, SIRA, UL and TÜV Rheinland are a
few). They offer a variety of abilities when it comes to certification. This is a potential weak point in
the process. Selecting a product certifier to establish your specific needs will take investigation. The
product certifier needs to prove competency in the standards related to your product—you may (and
likely will) require more than one product certifier to accomplish your goals.
Here is how it should work
Certification
Development
ANSI Codifies
Product
Standards and
Requirements
ANSI Confirms
exida, LLC as
Product Certifier
Det-Tronics
Makes
FlexSight™
LS2000 Line-ofSight Infrared Gas
Detector
exida, LLC
examines
Det-Tronics
FlexSight™
LS2000 for
functional safety
www.det-tronics.com
4
Installation
Authority Having
Jurisdiction (AHJ)
Approves Product
Installation To
Safety Codes and
Standards
FlexSight™
LS2000 Meets
Functional Safety.
exida, LLC Issues
Certificate
Product and
Installation
Meets Codes and
Standards
(e.g. SIL 2)
Not All Product Certifiers Are Equally Qualified
Accreditation agencies are responsible to evaluate product certifiers. Such agencies look for
conformance to competency standards to ensure that products are tested and certified by the
product certifier to meet expected performance levels.
The responsibilities of accreditation agencies go beyond a routine audit of product certifiers. Their
work includes: approval of key policy documents, review of the evaluation process, and a monitor
of the product certifier audit programs. Accreditation agencies issue the product certifiers an
accreditation certificate based on demonstrated competency to standards, including IEC standards.
The accreditation agency seeks to ensure that products are properly certified, which generally
means:
1. The product is labeled with the registered certification mark;
2. The product certifier issues certification to a well-recognized test standard that is
within the certifier’s scope of accreditation;
3. The product certifier issues certification from one of its recognized facility locations.
Points 1 and 3 noted above are often well
understood and applied. However, few
product certifiers issue functional safety
certifications per IEC 61508 within their scope
of accreditation (item 2 above). Without this
crucial step there is no formal evidence of
competency, and safety may be compromised.
The IEC 61508 standard requires “evidence of
competence” for all who perform assessments.
While it does not require a formal authorized
or accredited status, most customers who
purchase IEC 61508-certified products demand
a product certifier that demonstrates a high
level of technical competence.
The product certifier that meets this high
level must demonstrate strong competency
in the key areas of functional safety. This
is demonstrated during an audit by a well
established accreditation agency.
FORMAL ACCREDITATION MATRIX
GROUPS
OFFERING
PRODUCT
CERTIFICATION
GROUP A
SIL
(IEC 61508)
PERFORMANCE
(IEC 60079-29
SERIES; ISO
7240 SERIES)
HAZARDOUS
LOCATION
(IEC 60079)
ACCREDITED
GROUP B
ACCREDITED
GROUP C
ACCREDITED
GROUP D
ACCREDITED
GROUP E
ACCREDITED
ACCREDITED
NONE
ACCREDITED
ACCREDITED
ACCREDITED
ACCREDITED
GROUP F
Did you know? It is crucial to check for SIL, performance and
hazardous location accreditation so your functional safety goals
are achieved. No single group has achieved accreditation in all
three areas as of December 2015. Conversely, some groups are
offering certification without any accreditation. Buyer beware.
5
www.det-tronics.com
For instance, to certify a product meets IEC 61508, the product certifier must have full competency in
functional safety areas such as:
•
•
•
•
•
•
•
Mechanical design (stress conditions, useful life and systematic design procedures)
Software design (software failure mechanisms and systematic design procedures)
Electronic hardware (electronic hardware failure mechanisms and systematic
design procedures)
Hardware Failure Modes, Effects and Diagnostic Analysis (FMEDA)
Hardware probabilistic failure analysis (stress conditions and useful life)
Software and hardware testing procedures and methods
Quality procedures, document control and functional safety management
What You Can (and Can’t) Learn from Documentation
Evaluation of products can be enhanced through an assessment of the product certificate. Certificates
provide additional details to assist in selection of products. Each certificate includes the standards
met and the year of release used to issue certification. For functional safety certification, this date and
standard met is critical to properly compare products.
For instance, the IEC 61508:2000 (Edition 1) Series released version has more optimistic Safe Failure
Fraction values (therefore less safe) as compared to the 2010 (Edition 2) released version. This
significant difference is due to the fact that the FMEDA calculations now require the exclusion of
non-safety related components. The newer
PRODUCTS
REDUNDANCY
PROCESS
RESULT
standard was improved to demand relevant
component assessment, informative safety
manual, development tools and software
SIL 2 +
NO
+ SIL 2 = SIL 2
traceability are considered for each product.
Another important element of Functional
Safety Certification is that SIL 3 manufacturer
SIL 2 + YES
+ SIL 2 = SIL 2
process capability must be given
consideration when issuing a SIL 3 capable
certificate. It is no longer acceptable for a
SIL 2 manufacturer to claim a SIL 3 product
simply by requiring redundancy (HFT = 1).
SIL 2 + YES
+ SIL 3 = SIL 3
They must first prove they have a SIL 3
compliant development process. Process
capability is fundamentally necessary as
a systematic measure in assuring product
SIL 3 +
NO
+ SIL 3 = SIL 3
design robustness. Product certifiers with
competency in Functional Safety Certification
will ensure product and process compliance
to manufacturer claimed capability.
Misconception 4: Thinking that redundancy of SIL 2 products and
a SIL 2 process equals SIL 3. This is not true.
www.det-tronics.com
6
Additional information on manufacturer’s claimed capabilities can be obtained by reviewing the
Product Safety Manual. This is necessary to determine the robustness of the product and process
safety certifications. The product’s Proof Test Interval, which is contained within the Safety
Manual, defines necessary maintenance required during product use to assure on-going proper
functionality. There are cases when a product claims a high SIL capability but it requires expensive
field maintainence. This and other claimed capabilities noted in the Safety Manual should be
reviewed in detail when comparing products.
It is also very important to note that a SIL capable certification does not mean that the product is
performance approved. A SIL capable product certificate may list a variety of codes and standards.
Such a list must not be mistaken for compliance to each as mentioned at the start of this paper. It
may only reference that during evaluation such codes and standards were considered. Codes are
not accreditable by any agency—the only way for a product to be properly certified is if a product
certifier tests and evaluates it to the related standard, and the product certifier is recognized as
competent for the standard by an accreditation agency. Some who offer product certifications are
not able to issue accreditation certifications to the standard you seek.
Summary
Products designed to reduce risks in
hazardous industrial applications must be
certified to particular standards. Those who
offer product certification are responsible
for examining these products to ensure that
they meet functional safety requirements.
Not all product certifiers are in a position
to accomplish what you require. Functional
safety product certification by a product
certifier accredited to IEC 61508 is imperative.
The accredited product certifier should
have proven competency to ensure not only
product and process compliance, but that
all relevant information is reflected within
the manufacturer’s safety manual. The
safety manual and supporting manufacturer’s
documentation must be followed completely
to ensure safe use of product and proper
functionality of the ‘Safety Function.’ Only
then can full and proper compliance ensure
the highest possible level of product
reliability for safety purposes.
ACCREDITATION ASSESMENT MATRIX
GROUPS
OFFERING
PRODUCT
CERTIFICATION
SIL
(IEC 61508)
PERFORMANCE
(IEC 60079-29
SERIES; ISO
7240 SERIES)
HAZARDOUS
LOCATION
(IEC 60079)
ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
ACCREDITED
NOT ACCREDITED
ACCREDITED
ACCREDITED
ACCREDITED
ACCREDITED
NOT ACCREDITED
ACCREDITED
ACCREDITED
ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
NOT ACCREDITED
Use this matrix to evaluate your process. Evaluate the
abilities of groups in your area offering certification. Are they
accredited to the level you need? In which areas are they and
which areas are they not established as credible resources.
In short, Product Certifiers prove their worth through accreditation. Make sure you align their
accreditation to the products you need certified for functional safety. Questions? Contact your
local Det-Tronics office (www.det-tronics.com).
7
www.det-tronics.com
AUTHORS:
Jon D. Miller, Approvals Engineering Manager (primary)
Mark Gaalswyk, Systems Group Leader (contributing)
For more information or help clarifying which accreditations are crucial for your safety contact your local Det-Tronics office.
An earlier version of this report was published in SPE Offshore Europe Conference 2015.
FlexSonic® Acoustic
Leak Detector
X3301 Multispectrum
IR Flame Detector
PointWatch Eclipse® IR
Combustible Gas Detector
FlexVu® Universal Display
with GT3000 Toxic Gas Detector
Eagle Quantum Premier ®
Safety System
74-1008 1.0
Corporate Office
6901 West 110 th Street
Minneapolis, MN 55438 USA
www.det-tronics.com
Phone: +1 952.941.5665
Toll-free: +1 800.765.3473
Fax: +1 952.829.8750
det-tronics@det-tronics.com
All trademarks are the property of their respective owners.
© 2016 Detector Electronics Corporation. All rights reserved.
Det-Tronics is certified to ISO 9001:2008 in all
manufacturing processes.