Det-Tronics CRITICAL SAFETY PROVISO: Why Functional Safety Product Certifiers Must Meet Highest Level of Accreditation (White Paper)
Industry Manual Repository
Join the AnalyzeDetectNetwork and Read This Manual and Hundreds of Others Like It! It's Free!
INDUSTRY WHITE PAPER
CRITICAL SAFETY PROVISO:
Why Functional Safety
Product Certiﬁers Must Meet
Highest Level of Accreditation
You need your ﬁre and gas system to function at the highest
safety levels. What can you do to make sure it is? A thirdparty evaluation of a manufactured product is preferred over
self-certiﬁcation. But which third-party should you select?
What matters in certiﬁcation? How can you have conﬁdence
you have selected fully qualiﬁed companies to conduct
proper and complete product certiﬁcation?
Helping you answer these questions is this paper’s goal. Common misconceptions include:
Misconception 1: product self-certiﬁcation follows the same rigor as third-party approval
Misconception 2: all product certiﬁers are equally qualiﬁed
Misconception 3: standards on documentation mean the product has a certain certiﬁcation
Misconception 4: you achieve SIL 3 by using redundant SIL 2 products with SIL 2 process
The errors often develop from misunderstood terms. Here are a few key deﬁnitions.
Standard: an agreed upon description of what satisﬁes proper function. It uses technical,
veriﬁable language so local and international groups can establish best practice for an
industry. IEC 61508 and IEC 60079-29-1 are examples of standards.
Accreditation Agency: A group that identiﬁes (accredits) companies that possess the
necessary knowledge and rigor to certify function for solutions. They may also be the
organization that endorses the standard. ANSI is an Accreditation Agency.
Product Certifier: This is a group that has been accredited as able to assess and audit
products, services and systems for public safety—meeting the standard—and therefore
are able to properly provide certiﬁcation. exida is a SIL Product Certiﬁer.
Certification: establishes that a speciﬁc solution (product, service or system) meets
the standard. Tested through an assessment, it offers conﬁdence that the solution is
safe, functional, and will perform as expected. A functional safety certiﬁcate is issued to
conﬁrm the assessment was determined compliant. For valid certiﬁcation, the product
certiﬁer must achieve accreditation to the standards used.
Self-Certification Is Risky
Selection of properly certiﬁed ﬂame and gas detection products for safety purposes is
vital. Certiﬁed products installed to the approved safety codes and standards is crucial—a
must. There are many considerations to weigh each step of the way. Operational
efﬁciency, maximum productivity and overall safety require comprehensive attention.
Ultimately you need the correct certification, installation and day-to-day operation of a
product to achieve the highest safety standard.
This paper focuses on the product certiﬁcation step. Great products properly installed
and operated will not achieve functional safety unless the product certiﬁcation is also
legitimate. Often misunderstood, product certiﬁcation is crucial to safety—it establishes
proper functional safety at the extremes and special use conditions. Functional safety
allows for failure in a predictable (safe) manner. Therefore mistakes during product
certiﬁcation can reveal themselves in catastrophe. Achieving full and reliable functional
safety certification requires careful attention.
Compliance with local safety standards is a very complex task. There are thousands of local,
regional and national standards and numerous equipment choices, accreditation agencies and
third-party product certiﬁers. Each present a wide and varied set of options. Selection of the
product certiﬁer (also known as product certiﬁcation bodies or notiﬁed bodies) requires evaluation
of the speciﬁc standards and competencies as recognized by the accreditation agency.
This paper’s focus is on the certification aspect of functional safety
If Product Meets
then Certiﬁcate Is
Meets Codes and
(e.g. SIL 2)
The accreditation agency and product certiﬁer are often less well known by local operators. The
accreditation agency (ANSI, OSHA, CNAS, UKAS are a few) evaluates product certiﬁers to detailed
safety standards that are vetted for competency through a formal process.
Companies offering to certify products are numerous (exida, FM, SIRA, UL and TÜV Rheinland are a
few). They offer a variety of abilities when it comes to certiﬁcation. This is a potential weak point in
the process. Selecting a product certiﬁer to establish your speciﬁc needs will take investigation. The
product certiﬁer needs to prove competency in the standards related to your product—you may (and
likely will) require more than one product certiﬁer to accomplish your goals.
Here is how it should work
exida, LLC as
LS2000 Line-ofSight Infrared Gas
Safety Codes and
exida, LLC Issues
Meets Codes and
(e.g. SIL 2)
Not All Product Certifiers Are Equally Qualified
Accreditation agencies are responsible to evaluate product certiﬁers. Such agencies look for
conformance to competency standards to ensure that products are tested and certiﬁed by the
product certiﬁer to meet expected performance levels.
The responsibilities of accreditation agencies go beyond a routine audit of product certiﬁers. Their
work includes: approval of key policy documents, review of the evaluation process, and a monitor
of the product certiﬁer audit programs. Accreditation agencies issue the product certiﬁers an
accreditation certiﬁcate based on demonstrated competency to standards, including IEC standards.
The accreditation agency seeks to ensure that products are properly certiﬁed, which generally
1. The product is labeled with the registered certiﬁcation mark;
2. The product certiﬁer issues certiﬁcation to a well-recognized test standard that is
within the certiﬁer’s scope of accreditation;
3. The product certiﬁer issues certiﬁcation from one of its recognized facility locations.
Points 1 and 3 noted above are often well
understood and applied. However, few
product certiﬁers issue functional safety
certiﬁcations per IEC 61508 within their scope
of accreditation (item 2 above). Without this
crucial step there is no formal evidence of
competency, and safety may be compromised.
The IEC 61508 standard requires “evidence of
competence” for all who perform assessments.
While it does not require a formal authorized
or accredited status, most customers who
purchase IEC 61508-certiﬁed products demand
a product certifier that demonstrates a high
level of technical competence.
The product certifier that meets this high
level must demonstrate strong competency
in the key areas of functional safety. This
is demonstrated during an audit by a well
established accreditation agency.
FORMAL ACCREDITATION MATRIX
Did you know? It is crucial to check for SIL, performance and
hazardous location accreditation so your functional safety goals
are achieved. No single group has achieved accreditation in all
three areas as of December 2015. Conversely, some groups are
offering certiﬁcation without any accreditation. Buyer beware.
For instance, to certify a product meets IEC 61508, the product certiﬁer must have full competency in
functional safety areas such as:
Mechanical design (stress conditions, useful life and systematic design procedures)
Software design (software failure mechanisms and systematic design procedures)
Electronic hardware (electronic hardware failure mechanisms and systematic
Hardware Failure Modes, Effects and Diagnostic Analysis (FMEDA)
Hardware probabilistic failure analysis (stress conditions and useful life)
Software and hardware testing procedures and methods
Quality procedures, document control and functional safety management
What You Can (and Can’t) Learn from Documentation
Evaluation of products can be enhanced through an assessment of the product certiﬁcate. Certiﬁcates
provide additional details to assist in selection of products. Each certiﬁcate includes the standards
met and the year of release used to issue certiﬁcation. For functional safety certiﬁcation, this date and
standard met is critical to properly compare products.
For instance, the IEC 61508:2000 (Edition 1) Series released version has more optimistic Safe Failure
Fraction values (therefore less safe) as compared to the 2010 (Edition 2) released version. This
signiﬁcant difference is due to the fact that the FMEDA calculations now require the exclusion of
non-safety related components. The newer
standard was improved to demand relevant
component assessment, informative safety
manual, development tools and software
SIL 2 +
+ SIL 2 = SIL 2
traceability are considered for each product.
Another important element of Functional
Safety Certiﬁcation is that SIL 3 manufacturer
SIL 2 + YES
+ SIL 2 = SIL 2
process capability must be given
consideration when issuing a SIL 3 capable
certiﬁcate. It is no longer acceptable for a
SIL 2 manufacturer to claim a SIL 3 product
simply by requiring redundancy (HFT = 1).
SIL 2 + YES
+ SIL 3 = SIL 3
They must ﬁrst prove they have a SIL 3
compliant development process. Process
capability is fundamentally necessary as
a systematic measure in assuring product
SIL 3 +
+ SIL 3 = SIL 3
design robustness. Product certiﬁers with
competency in Functional Safety Certiﬁcation
will ensure product and process compliance
to manufacturer claimed capability.
Misconception 4: Thinking that redundancy of SIL 2 products and
a SIL 2 process equals SIL 3. This is not true.
Additional information on manufacturer’s claimed capabilities can be obtained by reviewing the
Product Safety Manual. This is necessary to determine the robustness of the product and process
safety certiﬁcations. The product’s Proof Test Interval, which is contained within the Safety
Manual, deﬁnes necessary maintenance required during product use to assure on-going proper
functionality. There are cases when a product claims a high SIL capability but it requires expensive
ﬁeld maintainence. This and other claimed capabilities noted in the Safety Manual should be
reviewed in detail when comparing products.
It is also very important to note that a SIL capable certiﬁcation does not mean that the product is
performance approved. A SIL capable product certiﬁcate may list a variety of codes and standards.
Such a list must not be mistaken for compliance to each as mentioned at the start of this paper. It
may only reference that during evaluation such codes and standards were considered. Codes are
not accreditable by any agency—the only way for a product to be properly certiﬁed is if a product
certiﬁer tests and evaluates it to the related standard, and the product certiﬁer is recognized as
competent for the standard by an accreditation agency. Some who offer product certifications are
not able to issue accreditation certifications to the standard you seek.
Products designed to reduce risks in
hazardous industrial applications must be
certiﬁed to particular standards. Those who
offer product certiﬁcation are responsible
for examining these products to ensure that
they meet functional safety requirements.
Not all product certifiers are in a position
to accomplish what you require. Functional
safety product certiﬁcation by a product
certiﬁer accredited to IEC 61508 is imperative.
The accredited product certifier should
have proven competency to ensure not only
product and process compliance, but that
all relevant information is reflected within
the manufacturer’s safety manual. The
safety manual and supporting manufacturer’s
documentation must be followed completely
to ensure safe use of product and proper
functionality of the ‘Safety Function.’ Only
then can full and proper compliance ensure
the highest possible level of product
reliability for safety purposes.
ACCREDITATION ASSESMENT MATRIX
Use this matrix to evaluate your process. Evaluate the
abilities of groups in your area offering certiﬁcation. Are they
accredited to the level you need? In which areas are they and
which areas are they not established as credible resources.
In short, Product Certifiers prove their worth through accreditation. Make sure you align their
accreditation to the products you need certified for functional safety. Questions? Contact your
local Det-Tronics office (www.det-tronics.com).
Jon D. Miller, Approvals Engineering Manager (primary)
Mark Gaalswyk, Systems Group Leader (contributing)
For more information or help clarifying which accreditations are crucial for your safety contact your local Det-Tronics ofﬁce.
An earlier version of this report was published in SPE Offshore Europe Conference 2015.
IR Flame Detector
PointWatch Eclipse® IR
Combustible Gas Detector
FlexVu® Universal Display
with GT3000 Toxic Gas Detector
Eagle Quantum Premier ®
6901 West 110 th Street
Minneapolis, MN 55438 USA
Phone: +1 952.941.5665
Toll-free: +1 800.765.3473
Fax: +1 952.829.8750
All trademarks are the property of their respective owners.
© 2016 Detector Electronics Corporation. All rights reserved.
Det-Tronics is certified to ISO 9001:2008 in all