The exida IEC 61508 Certification Services team has a combination of over 400 man-years experience in IEC 61508 assessment and certification. Several of the exida team members are ex-TÜV engineers with decades of functional safety assessment experience. Some team members are mechanical design experts with decades of experience in mechanical design and mechanical failure analysis. Some team members are experienced software designers from instrumentation companies. These people have experience in the design and failure analysis of systematic software failures. Some team members are probabilistic failure analysis experts with decades of failure modeling and analysis experience. Members of exida have written the majority of text books published worldwide in the area of functional safety.
People who are now exida team members were the same people who started the functional safety certification process in the late 1980’s. Several of our team members have over 35 years of project experience in functional safety. exida has done dozens of projects in co-operation with one of the TÜV organizations. exida has completed over 500 certification projects as of June 2016.
exida is one of two companies in the world to be accredited to perform cyber-security certification using schemes from IEC 62443 and ISASecure. These programs have requirements that go beyond network robustness testing to include Functional Security Assessment and Software Development Security Assessment (SDSA). exida is the most active assessment and certification company in the world regarding control system cyber-security having actively participated in the development of the IEC 62443 and ISASecure standards.
Several exida team members have been active on the IEC 61508 committee since its inception. These people continue today as the standard progresses through modification. No other certification agency in the world has been more active in the creation of IEC 61508.
Yes, exida personnel have been active on several committees. exida has been most active on the IEC 62443-4-1 committee where the technical lead and editor was an exida person. No other certification agency in the world has been more active in the creation of IEC 62443.
As of June 2017 exida has successfully completed over 600 IEC 61508 product certifications of currently marketed products. exida has completed more active IEC 61508 certifications in the process industries than any other organization. A study by ARC Advisory Group in November 2015 has concluded that “exida is the clear market leader in device safety certifications.”
In cybersecurity, exida has done more certifications than any other Certification Body.
A complete overview of all products that have been assessed to any level is available on exida’s Safety Automation Equipment List.
The IEC 61508 standard is a large specification with each sub-clause being a requirement. The standard states: “To conform to this standard it shall be demonstrated that the requirements have been satisfied to the required criteria specified and therefore, for each clause or sub-clause, all the objectives have been met.”
In the opinion of exida, this statement requires a “Safety Case” or “Safety Justification” to the requirements of IEC 61508. A simple certificate and certification report stating general compliance with a standard does not fulfill the IEC 61508 requirements. A full Safety Case lists all IEC 61508 requirements and provides the arguments and justification as to how each project meets the standard. exida does a Safety Case for each certification project.
In addition, the exida Certification program looks at usability of a product from a systems perspective and evaluates the likelihood of unintended misuse. Although this is not part of many certification programs, the exida End User Advisory Council has strongly suggested this interpretation of IEC 61508 requirements.
The ability to accurately assess functional safety as required by IEC 61508 is a very different technical field than the ability to accurately measure electrical currents, voltages, temperatures, etc. To certify that a product meets the requirements of IEC 61508, the certification agency must have full competency in:
A Notified Body in the European Union (E.U.) is similar to a NRTL in the U.S. Notified Bodies must also pass strict criteria for measurement and calibration. This is not relevant to IEC 61508 nor is Notified Body status required for an organization to issue IEC 61508 certifications as IEC 61508 is not listed under a specific European Directive but is a Basic Safety Publication applicable to many application areas where no specific functional safety rules exist.
No, exida is wholly owned by independent investors, exida partners and employees. Exida is an independent company. This question is asked because functional safety certifications were first done by one of several German companies collectively known in the marketplace as TÜV. Prior to IEC 61508, these certifications were done per the German standard VDE0801/VDE0801-A1. Since the release of IEC 61508 in 1998, Certification Bodies outside of Germany have performed most functional safety certifications per IEC 61508.
exida uses several techniques to generate and validate failure rate data. The primary technique is an FMEDA of both mechanical and electrical components. The FMEDA analysis uses the exida component databases [exi12a, exi12b] which are calibrated for several application environments including low demand process industry applications. The databases are verified by over ten billion unit operating hours of field experience primarily in the process industries. For high demand applications exida requires a “cycle test” as evidence of useful life and failure rate. exida also does a manufacturer warranty return study to verify FMEDA results.
Unlike other agencies, exida does not accept manufacturer warranty return studies as exclusive failure rate data evidence because such studies typically have very optimistic assumptions [exi11]. Nor does exida accept “cycle test” as exclusive evidence of failure rate data for high demand applications as these tests often provide very low failure rates.
The logos above represent some of the many product manufacturers who have successfully received a certification from exida.
The IEC 61508 standard requires “evidence of competence” of those who perform assessments but does not require they be formally authorized or accredited. However, most end users who purchase IEC 61508 certified equipment demand that the certification be done by a highly competent technical organization with accreditation per ANSI or other Accreditation Body per the IAF (International Accreditation Forum, Inc.). exida is accredited per EN45011 by ANSI. Perhaps even more importantly, exida has the right technical experience in mechanical design, electronic design, software design, cybersecurity and probabilistic analysis. Any organization doing the certification audit work must demonstrate strong competency in these key areas. This competency is typically demonstrated during an accreditation audit.
Product certification programs are operated per the ISO/IEC 17065 product certification program standard. exida is accredited per that standard as well as ISO/IEC 17025, the standard for test laboratories.
There is more than one company collectively known in the market as “TÜV.” TÜV is an abbreviation for “Technische Überwachungs Verein” which translates to “Technical Supervision Group.” These are privately held companies and not government owned.
At one time there were several different companies all using a variation of the TÜV name. Names from the past include TÜV Product Service, RWTÜV, TÜViT and others. Several mergers have taken place and there seems to be only three companies doing functional safety today; TÜV Rheinland, TÜV Süd, and TÜV Nord. Each has a group that does functional safety assessment for instrumentation products.
exida does require that product manufacturer’s undergo periodic re-assessment. At that time engineering changes are examined, field failure history is reviewed and development/testing process updates are reviewed to be certain that the product still meets the requirements of the referenced standards. A visible surveillance date will clearly indicate to potential customers of any product if the manufacturer no longer verifies that the product meets the standard.
When a CB performs as assessment following their accredited process, they may put the AB logo on their certificate. On the exida certificate, this logo is in the lower left front page.
Some CBs, though accredited, do not follow their accredited process and are not permitted to use the AB logo on their certificates.