IEC 61508 Certification is a Third-Party Validation against the standard’s requirements, comprising:
- Detailed Analysis of engineering processes to determine Systematic Capability and Cybersecurity Strength
- Detailed Analysis of hardware design / design margins resulting in Random Failure Rate in all failure modes
- Analysis/Testing to show safe, correct operation and Cybersecurity Susceptibility
To achieve an exida certification, three options are available:
- Design and Test Process fully compliant
- Fully compliant historical product
- No changes allowed
Each of these certification options has different requirements and documents we will assess.
For the Design and Test Process fully compliant option:
- The new design must have a full hardware failure analysis;
- The new design must follow the design process requirements of IEC 61508 for the target SIL level; and
- A Safety Manual must be created to explain how to use the product at the system level.
The Design and Test Process fully compliant option is typically used for products that are new or that contain new components. This option relies more heavily on validation and verification testing and on the associated requirements.
For the fully compliant historical product option, the product must have well-documented field history and:
- The design must have a full hardware failure analysis;
- The product field data collection process is audited, and the design process must meet the requirements for ECNs (engineering change notices); and
- A Safety Manual must be created to explain how to use the product at the system level.
The fully compliant historical product option is typically used for products that have at least a 3–5 year field history with well-kept returns data. This option relies more on a Proven-In-Use Assessment. It is a great option if you have an older product that has not changed much in the last several years; for example, a ball valve for which the records of the validation and verification done in the past may no longer be available.
For the “no changes” option, you can eliminate some of the standard’s requirements by agreeing not to modify the product once it is certified.
Once again, as in option 2 above, the product must have well-documented field history and:
- The design must have a full hardware failure analysis;
- The product field data collection process is audited. No changes are allowed; and
- A Safety Manual must be created to explain how to use the product at the system level.
The “no changes” option is typically used for products that have a longer field history with well-kept returns data. Like option 2, it relies more on a Proven-In-Use Assessment, but this time no modification can be made after certification unless you bring the product back for an assessment of the change. This option can be helpful if you have an older product that you are not planning to change, that may not have the records of validation and verification done in the past, and whose modification process may not meet the requirements of IEC 61508.
Once a product meets all requirements of the standard, the certification process will be complete, and a certificate will be issued. For a list of current certificates, see www.exida.com/SAEL.
Tagged as: Systematic Capability Loren Stewart functional safety back to basics