exida Certification - IEC 61508, IEC 61511, IEC 62443, ISO 26262, CFSE

Certification FAQ

Does exida have personnel competent to perform assessment to IEC 61508?

The exida IEC 61508 Certification Services team has a combined total of over 400 man-years of experience in IEC 61508 assessment and certification. Several of the exida team members are ex-TÜV engineers with decades of functional safety assessment experience. Some team members are mechanical design experts with decades of experience in mechanical design and mechanical failure analysis. Some team members are experienced software designers from instrumentation companies. These people have experience in the design and failure analysis of systematic software failures. Some team members are probabilistic failure analysis experts with decades of failure modeling and analysis experience. Members of exida have written the majority of textbooks published worldwide in the area of functional safety.

Does exida have project experience in IEC 61508 certification?

People who are now exida team members were the same people who started the functional safety certification process in the late 1980s. Several of our team members have over 35 years of project experience in functional safety. exida has done dozens of projects in co-operation with one of the TÜV organizations. exida has completed over 500 certification projects as of June 2016.

Does the certification program include control system Cyber-Security?

exida is one of two companies in the world to be accredited to perform cyber-security certification using schemes from IEC 62443 and ISASecure. These programs have requirements that go beyond network robustness testing to include Functional Security Assessment and Software Development Security Assessment (SDSA). exida is the most active assessment and certification company in the world regarding control system cyber-security, having actively participated in the development of the IEC 62443 and ISASecure standards.

Has exida participated on the IEC 61508 committee?

Several exida team members have been active on the IEC 61508 committee since its inception. These people continue today as the standard progresses through modification. No other certification agency in the world has been more active in the creation of IEC 61508.

Has exida participated on the IEC 62443 committees?

Yes, exida personnel have been active on several committees. exida has been most active on the IEC 62443-4-1 committee where the technical lead and editor was an exida person. No other certification agency in the world has been more active in the creation of IEC 62443. 

How many certifications has exida done?

As of June 2017, exida has successfully completed over 600 IEC 61508 product certifications of currently marketed products. exida has completed more active IEC 61508 certifications in the process industries than any other organization. A study by ARC Advisory Group in November 2015 concluded that “exida is the clear market leader in device safety certifications.”

In cybersecurity, exida has done more certifications than any other Certification Body. 

A complete overview of all products that have been assessed to any level is available on exida’s Safety Automation Equipment List.

How should exida IEC 61508 certification differ from other certification schemes?

The IEC 61508 standard is a large specification with each sub-clause being a requirement. The standard states: “To conform to this standard it shall be demonstrated that the requirements have been satisfied to the required criteria specified and therefore, for each clause or sub-clause, all the objectives have been met.” 

In the opinion of exida, this statement requires a “Safety Case” or “Safety Justification” to the requirements of IEC 61508. A simple certificate and certification report stating general compliance with a standard does not fulfill the IEC 61508 requirements.  A full Safety Case lists all IEC 61508 requirements and provides the arguments and justification as to how each project meets the standard.  exida does a Safety Case for each certification project. 

In addition, the exida Certification program looks at usability of a product from a systems perspective and evaluates the likelihood of unintended misuse.  Although this is not part of many certification programs, the exida End User Advisory Council has strongly suggested this interpretation of IEC 61508 requirements. 

Is a Nationally Recognized Testing Laboratory required for IEC 61508 certification in the U.S.?

One must not confuse electrical safety with functional safety. Electrical safety certification in the U.S. is recognized by OSHA and must be done by a Nationally Recognized Testing Laboratory (NRTL). The NRTL program does not apply to functional safety or cyber-security although an NRTL must meet ISO/IEC 17025 which includes strict requirements for document control and measurement capability with calibration traceable to the National Institute of Standards and Technology (NIST), www.nist.org.

The ability to accurately assess functional safety as required by IEC 61508 is a very different technical field than the ability to accurately measure electrical currents, voltages, temperatures, etc. To certify that a product meets the requirements of IEC 61508, the certification agency must have full competency in:

  • Mechanical design: stress conditions, useful life and systematic design procedures
  • Software design procedures and software failure mechanisms
  • Electronic hardware design procedures, electronic hardware failure mechanisms
  • Hardware Failure Modes, Effects and Diagnostic Analysis (FMEDA)
  • Hardware probabilistic failure analysis: stress conditions and useful life
  • Software and hardware testing procedures and methods
  • Quality procedures, document control and functional safety management

At exida, this competency was evaluated during the accreditation audit by ANSI.

Is a Notified Body required for IEC 61508 certification in the E.U.?

A Notified Body in the European Union (E.U.) is similar to an NRTL in the U.S. Notified Bodies must also pass strict criteria for measurement and calibration. This is not relevant to IEC 61508, nor is Notified Body status required for an organization to issue IEC 61508 certifications, as IEC 61508 is not listed under a specific European Directive but is a Basic Safety Publication applicable to many application areas where no specific functional safety rules exist.

Is exida part of TÜV?

No, exida is wholly owned by independent investors, exida partners and employees. exida is an independent company. This question is asked because functional safety certifications were first done by one of several German companies collectively known in the marketplace as TÜV. Prior to IEC 61508, these certifications were done per the German standard VDE0801/VDE0801-A1. Since the release of IEC 61508 in 1998, Certification Bodies outside of Germany have performed most functional safety certifications per IEC 61508.

Where does exida get the failure rate data needed for probabilistic analysis?

exida uses several techniques to generate and validate failure rate data. The primary technique is an FMEDA of both mechanical and electrical components. The FMEDA analysis uses the exida component databases [exi12a, exi12b] which are calibrated for several application environments including low demand process industry applications. The databases are verified by over ten billion unit operating hours of field experience primarily in the process industries. For high demand applications exida requires a “cycle test” as evidence of useful life and failure rate. exida also does a manufacturer warranty return study to verify FMEDA results.

Unlike other agencies, exida does not accept manufacturer warranty return studies as exclusive failure rate data evidence because such studies typically have very optimistic assumptions [exi11]. Nor does exida accept “cycle test” as exclusive evidence of failure rate data for high demand applications as these tests often provide very low failure rates.   

Who are exida Certification Services customers?

The logos above represent some of the many product manufacturers who have successfully received a certification from exida.

Who authorizes exida to perform IEC 61508 certification?

The IEC 61508 standard requires “evidence of competence” of those who perform assessments but does not require they be formally authorized or accredited. However, most end users who purchase IEC 61508 certified equipment demand that the certification be done by a highly competent technical organization with accreditation per ANSI or other Accreditation Body per the IAF (International Accreditation Forum, Inc.). exida is accredited per EN45011 by ANSI. Perhaps even more importantly, exida has the right technical experience in mechanical design, electronic design, software design, cybersecurity and probabilistic analysis. Any organization doing the certification audit work must demonstrate strong competency in these key areas. This competency is typically demonstrated during an accreditation audit.

Product certification programs are operated per the ISO/IEC 17065 product certification program standard. exida is accredited per that standard as well as ISO/IEC 17025, the standard for test laboratories. 

Who is TÜV?

There is more than one company collectively known in the market as “TÜV.”  TÜV is an abbreviation for “Technische Überwachungs Verein” which translates to “Technical Supervision Group.”  These are privately held companies and not government owned. 

At one time there were several different companies all using a variation of the TÜV name. Names from the past include TÜV Product Service, RWTÜV, TÜViT and others. Several mergers have taken place and there seem to be only three companies doing functional safety today: TÜV Rheinland, TÜV Süd, and TÜV Nord. Each has a group that does functional safety assessment for instrumentation products.

Why does an exida certificate have an expiration date when others do not?

exida does require that product manufacturers undergo periodic re-assessment. At that time engineering changes are examined, field failure history is reviewed and development/testing process updates are reviewed to be certain that the product still meets the requirements of the referenced standards. A visible surveillance date will clearly indicate to potential customers of any product if the manufacturer no longer verifies that the product meets the standard.

Why does exida have an AB logo on their certificates and others do not?

When a CB performs an assessment following their accredited process, they may put the AB logo on their certificate. On the exida certificate, this logo is in the lower left of the front page.

Some CBs, though accredited, do not follow their accredited process and are not permitted to use the AB logo on their certificates.