I have often heard the question “Who says they can issue a certification?” This is often accompanied by “Why can’t I certify my own product?” “Who knows our design better than we do?” Good questions.
The IEC 61508 standard does not require certified products for Functional Safety. However, competency is required and “independent assessment” is required for higher SIL levels. So what is happening in the market?
Some companies self-certify their products. I have seen certificates usually signed by their quality manager declaring “Suitable for SIL X,” or such language. I recently asked about the procedure used. This particular manufacturer spoke with a few dozen of their customers and asked if the product was working well. One had been designing safety systems “for over thirty years” and thought it would be OK to use their product. That was enough evidence for them. Another case involved an audit that was done by exida on a manufacturer and the product failed. Three months later, a self-certification appeared. Not impressive. When I see such disregard for safety it is frustrating. So I always ask for a copy of the Assessment Report, a document that describes the steps completed to show compliance to IEC 61508. No report; no validity.
I realize I am biased, but I have yet to see a valid self-certification. As a member of an accredited certification body, I know how much work it is to justify personnel competency: documenting all certification procedures and enforcing quality on each project. So how does a company earn accreditation?
Product certification programs must follow IEC/ISO Guide 65 (also known as EN45011) or ISO 17025. Most certification bodies get audited to both standards. Audits are done by government agencies in most countries. The US has the American National Standards Institute (ANSI), which has an accreditation program for product certification. I know that the ANSI audits were tough. A strong quality system must be in place and technical competency is reviewed.
However, in my opinion there are issues with the system. Perhaps some accreditation auditors are not so tough. I have seen one accredited certification body issue a mechanical functional safety certification based on “cycle testing.” This method is valid when the moving mechanical parts cause the dominant failure modes. The process industries however feature dominant failure modes that include corrosion and the bonding of parts occurring when parts remain in contact with each other for long periods of time. They also used invalid equations to calculate dangerous failure rates that were 100X too small. This is dangerous.
Make sure to look for functional safety certifications from technically competent independent companies. Always ask for the assessment report which should be available online (e.g. www.sael-online.com).
Tagged as: sil levels SIL iso 17025 ieciso guide 65 iec 61508 certification IEC 61508 functional safety en45011 Dr. William Goble ansi