7/28/2019 BaltimoreWash DC ISA 2008 3-08
1/23
email: [email protected]
München, Germany, +49-89-49000547
Sellersville, PA, USA, +1-215-453-1720
Tales from inside the instrument -
IEC 61508 Certification
excellence in dependable automation
Copyright exida 2001..2008
Introduction
William Goble
William Goble has over 30 years of professional experience. His areas of expertise include safety and high availability automation systems, automation probabilistic analysis, new product development and market analysis. He developed many of the techniques used for probabilistic evaluation of safety and high availability automation systems. He was formerly Director, Critical Systems at Moore Products, where job duties included marketing, design and development and engineering project management. He has written three books on topics of safety and reliability modeling. He is a fellow member of ISA. He has published many papers and magazine articles. Dr. Goble has a BSEE from Penn State, an MSEE from Villanova and a PhD from Eindhoven University of Technology in Eindhoven, Netherlands.
Functional Safety Standards
[Chart: survey results by year, 1996 to 2006, percent of respondents (0 to 100) answering "Is your company implementing or planning on implementing the ISA 84.01 Functional Safety Standard?"]
Milestones marked on the timeline: ISA S84.01-1996 Published; IEC 61508 Parts 1, 2, 4; IEC 61508 Parts 3, 5, 6, 7; IEC 61511; ANSI/ISA 84.01-2004.
IEC 61511 Equipment Justification
Application Fit Justification: make sure that the equipment performs the needed functions and is fully compatible with the environment and process.
Safety Integrity Justification: equipment used in safety instrumented systems must be chosen based on either IEC 61508 certification to the appropriate SIL level or justification based on prior use criteria.
Prior Use???
Prior use generally means: a user company has many years of documented successful experience (no dangerous failures) with a particular version of a particular instrument. This can provide justification for using that instrument even if it is not safety certified. Operating conditions must be recorded and must be similar to the proposed safety application.
"We do not have the failure data!"
"I do not want to take responsibility for equipment justification!"
"We do not take the time to record all instrument failures!"
"This is a new instrument!"
"I cannot justify PRIOR USE!"
Alternative for safety integrity justification - IEC 61508 Full Certification
The end result of the certification process is a certificate listing the SIL level for which a product is qualified and the standards that were used for the certification.
A good certification assessment will demonstrate high design quality for hardware, software and high manufacturing quality.
A good certification assessment will check to see that proper end user documentation is provided: the Safety Manual.
Trend toward 61508 certified instruments
IEC 61508 Certification is a measure of design quality. IEC 61508 Certification provides fully justifiable equipment selection without safety integrity documentation created by the end user.
More and more products are getting IEC 61508 Certification:
[Chart: Number of IEC 61508 Certified Sensors, by year 1996 to 2007, count axis 0 to 30. From exida Process Measurement Instrument Market report.]
What does an instrument manufacturer have to do?
1. Hardware - meet PFDavg expectations for target SIL via low failure rates, fail-safe design and high diagnostic coverage.
2. Hardware - meet SFF requirement for target SIL.
3. Software - meet software process requirements for target SIL, systematic fault avoidance.
4. Product - meet design process requirements for target SIL, systematic fault avoidance.
5. Produce Safety Manual for user.
Full Product Certification covers all three: hardware (1, 2), certify the process (3, 4), user documentation (5).
Hardware Analysis
[Diagram: FMEDA hardware analysis flow. Boxes: Industry Product Database; Component Database (based on warranty data analysis or field failure data analysis); Draft Components; Failure Mode Distribution; FMEDA; Product Failure Modes; Product Diagnostic Coverage; Compare; Feedback to update database.]
An FMEDA is an analysis technique used in IEC 61508 Certification. It is a detailed, systematic review of the design looking at every part in the design.
What are the results of the FMEDA?
Failure Rates:
λS (failure rate of all safe failures)
λSD (failure rate of all safe detected failures)
λSU (failure rate of all safe undetected failures)
λD (failure rate of all dangerous failures)
λDD (failure rate of all dangerous detected failures)
λDU (failure rate of all dangerous undetected failures)
Calculation of SFF
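The slides name the FMEDA failure-rate split, the SFF calculation and the PFDavg target without showing the arithmetic. The Python below is an added worked example (not exida's code or tooling) that rolls constructed sample rates up into SFF, dangerous diagnostic coverage, a simplified 1oo1 low-demand PFDavg, and the SIL limits that follow. The SFF definition, the PFDavg SIL bands and the hardware-fault-tolerance-0 architectural constraints are those of IEC 61508 (the 1998/2000 edition current at the time of this talk); PFDavg uses the common λDU × TI / 2 approximation with repair times neglected. The sample failure rates, the proof-test intervals and every function name are assumptions chosen for illustration.

```python
"""Roll FMEDA failure-rate results up into SFF, diagnostic coverage, PFDavg and SIL.

Added worked example; not exida's code. Formulas follow IEC 61508-2 / -6:
    SFF    = (lambda_S + lambda_DD) / (lambda_S + lambda_D)
    DC_D   = lambda_DD / lambda_D                 (dangerous diagnostic coverage)
    PFDavg = lambda_DU * TI / 2                   (1oo1, low demand, repair times neglected)
Sample rates are constructed numbers in FIT (1 FIT = 1e-9 failures per hour).
"""
from dataclasses import dataclass

FIT = 1e-9  # failures per hour


@dataclass(frozen=True)
class FmedaRates:
    """The four failure-rate buckets an FMEDA reports, in FIT."""
    lambda_sd: float  # safe detected
    lambda_su: float  # safe undetected
    lambda_dd: float  # dangerous detected
    lambda_du: float  # dangerous undetected

    @property
    def lambda_s(self) -> float:
        return self.lambda_sd + self.lambda_su

    @property
    def lambda_d(self) -> float:
        return self.lambda_dd + self.lambda_du


def sff(r: FmedaRates) -> float:
    """Safe Failure Fraction: everything that fails safe or is caught by diagnostics."""
    return (r.lambda_s + r.lambda_dd) / (r.lambda_s + r.lambda_d)


def dangerous_diagnostic_coverage(r: FmedaRates) -> float:
    return r.lambda_dd / r.lambda_d


def pfd_avg_1oo1(r: FmedaRates, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 low-demand PFDavg; only dangerous undetected failures count."""
    return r.lambda_du * FIT * proof_test_interval_h / 2


# IEC 61508-1 PFDavg bands for low-demand mode (upper bound exclusive)
PFDAVG_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def sil_from_pfdavg(pfd: float) -> int:
    """SIL band that a PFDavg falls into (0 = not even SIL 1)."""
    for sil, low, high in PFDAVG_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0


def max_sil_hft0(safe_failure_fraction: float, device_type: str) -> int:
    """Architectural constraint (IEC 61508-2 Tables 2 and 3) for hardware fault tolerance 0.

    Type A: simple parts with fully defined failure modes (e.g. a relay).
    Type B: complex parts such as microprocessors, whose failure modes are not fully defined.
    """
    if device_type == "A":
        thresholds = ((0.60, 1), (0.90, 2), (1.01, 3))
    elif device_type == "B":
        thresholds = ((0.60, 0), (0.90, 1), (0.99, 2), (1.01, 3))
    else:
        raise ValueError("device_type must be 'A' or 'B'")
    for limit, sil in thresholds:
        if safe_failure_fraction < limit:
            return sil
    return thresholds[-1][1]


def assess(r: FmedaRates, proof_test_interval_h: float, device_type: str) -> dict:
    """Combine the architectural limit and the PFDavg band into the SIL a 1oo1 use can claim."""
    s = sff(r)
    pfd = pfd_avg_1oo1(r, proof_test_interval_h)
    arch_sil = max_sil_hft0(s, device_type)
    pfd_sil = sil_from_pfdavg(pfd)
    return {"sff": s, "dc_d": dangerous_diagnostic_coverage(r), "pfd_avg": pfd,
            "arch_sil": arch_sil, "pfd_sil": pfd_sil, "claimable_sil": min(arch_sil, pfd_sil)}


# Constructed sample: a microprocessor-based (Type B) transmitter, rates in FIT
SAMPLE = FmedaRates(lambda_sd=150, lambda_su=50, lambda_dd=300, lambda_du=40)

if __name__ == "__main__":
    for years in (1, 10):
        a = assess(SAMPLE, proof_test_interval_h=8760 * years, device_type="B")
        print(f"TI={years:2d} y: SFF={a['sff']:.1%} DC={a['dc_d']:.1%} "
              f"PFDavg={a['pfd_avg']:.2e} arch SIL{a['arch_sil']} pfd SIL{a['pfd_sil']} "
              f"-> claimable SIL{a['claimable_sil']}")
```

With these constructed rates the PFDavg lands in the SIL 3 band at a one-year proof-test interval and drops to SIL 2 at ten years, but the Type B architectural constraint caps the device at SIL 2 in either case because the SFF is below 99%; this is why the slide lists high diagnostic coverage (moving failures from λDU into λDD) alongside low failure rates.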
Product Failure Data Example from FMEDA
FMEDA Fault Insertion Test
Simulate component failures and test that diagnostics perform as expected.
Verify software contribution to fault handling.
F.I.T. suites driven from FMEDA to test each diagnostic and functional failure mode.
Fault Insertion Tests (F.I.T.) verify the theoretical FMEDA with actual product reactions to faults.
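As an added illustration of an F.I.T. suite driven from the FMEDA (example code written for this page, not exida's or any vendor's tooling): a toy 4-20 mA pressure transmitter model with injectable faults, an FMEDA-style claims table, and a harness that injects each claimed failure mode and checks whether the unit really drives its output to the fail-safe alarm level. The transmitter model, the failure modes, the 3.6 mA alarm level and all names are constructed assumptions. The second design factory reproduces the two transmitter findings from the Experience slide later in the deck: no independent watchdog, so a stopped clock freezes the output, and diagnostics that do nothing.

```python
"""Fault insertion test (F.I.T.) harness driven by an FMEDA claims table.

Added example, not exida's tooling. Models a toy 4-20 mA pressure transmitter
(0-10 bar span) whose diagnostics are meant to drive the loop current to a
fail-low alarm level when a fault is detected. Every failure mode the FMEDA
claims is injected and the unit's actual reaction is compared with the claim.
All failure modes, thresholds and designs here are constructed for illustration.
"""
from dataclasses import dataclass

FAIL_LOW_MA = 3.6  # assumed fail-safe alarm current, below the 4 mA live zero


@dataclass
class Transmitter:
    hardware_watchdog: bool = True     # independent circuit that forces fail-low if the CPU stalls
    diagnostics_enabled: bool = True   # False models diagnostic code that is present but ineffective
    pressure_bar: float = 5.0
    # injectable faults
    cpu_clock_running: bool = True
    adc_stuck: bool = False
    reference_drift: float = 0.0       # fractional gain error of the ADC reference
    last_output_ma: float = 4.0

    def _adc_read(self, fraction: float) -> float:
        """Convert a 0..1 input with the injected ADC faults applied."""
        if self.adc_stuck:
            return 0.5
        return fraction * (1.0 + self.reference_drift)

    def _diagnostics_ok(self) -> bool:
        """Reference-channel check: a fixed 25 % test input must read back within 1 %."""
        if not self.diagnostics_enabled:
            return True
        return abs(self._adc_read(0.25) - 0.25) <= 0.0025

    def cycle(self) -> float:
        """One firmware loop iteration; returns the loop current in mA."""
        if not self.cpu_clock_running:
            # Firmware never runs; only an independent watchdog can still act.
            if self.hardware_watchdog:
                self.last_output_ma = FAIL_LOW_MA
            return self.last_output_ma  # otherwise the output freezes at its last value
        out = 4.0 + 16.0 * self._adc_read(self.pressure_bar / 10.0)
        if not self._diagnostics_ok():
            out = FAIL_LOW_MA
        self.last_output_ma = out
        return out


# Constructed FMEDA claims: (failure mode, claimed classification, fault to inject)
FMEDA_CLAIMS = (
    ("CPU clock stops", "DD", {"cpu_clock_running": False}),
    ("ADC stuck at mid-scale", "DD", {"adc_stuck": True}),
    ("ADC reference drifts 5 %", "DD", {"reference_drift": 0.05}),
    ("ADC reference drifts 0.5 %", "DU", {"reference_drift": 0.005}),
)


def run_fault_insertion(build, claims=FMEDA_CLAIMS, cycles: int = 3) -> list:
    """Inject each claimed failure mode into a fresh unit and record what it really did."""
    results = []
    for mode, claimed, fault in claims:
        dut = build()
        dut.cycle()  # one healthy cycle first, so a frozen output holds a live value
        for attribute, value in fault.items():
            setattr(dut, attribute, value)
        out = dut.cycle()
        for _ in range(cycles - 1):
            out = dut.cycle()
        observed = "DD" if out <= FAIL_LOW_MA else "DU"
        if observed == claimed:
            verdict = "confirmed"
        elif claimed == "DD":
            verdict = "downgrade to DU"   # FMEDA credited a diagnostic that does not work
        else:
            verdict = "conservative"      # detected after all; FMEDA may take the credit
        results.append({"mode": mode, "claimed": claimed, "observed": observed,
                        "output_ma": round(out, 3), "verdict": verdict})
    return results


def overclaimed_modes(results: list) -> list:
    """Failure modes whose DD credit must be removed before SFF and PFDavg are recomputed."""
    return [r["mode"] for r in results if r["verdict"] == "downgrade to DU"]


def certified_design() -> Transmitter:
    return Transmitter()


def pre_audit_design() -> Transmitter:
    """No independent watchdog and ineffective diagnostics (constructed, mirroring the Experience slide)."""
    return Transmitter(hardware_watchdog=False, diagnostics_enabled=False)


if __name__ == "__main__":
    for name, build in (("certified design", certified_design), ("pre-audit design", pre_audit_design)):
        print(name)
        for r in run_fault_insertion(build):
            print(f"  {r['mode']:<28} claimed {r['claimed']} observed {r['observed']} "
                  f"output {r['output_ma']:5.2f} mA  {r['verdict']}")
```

The harness treats a DD claim that the hardware does not honour as the finding that matters: the mode goes back into λDU, which lowers the SFF and raises the PFDavg, so the FMEDA has to be reissued before the certificate can list a SIL.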
exida Safety Case Database
[Diagram: Requirements, Arguments, Assessment, Evidence, Audit Lists.]
Independent Assessment Process
[Diagram: assessment flow. Steps: Define Scope; Review FSM Plan + Procedures; Assess System & Software Architecture; Assess Safety Case; Review Design documentation; Review Testing; On-site Audits; Complete Safety Case Checklist; Problems?; Assessment report; Certificate; Independent Audit.
Inputs and review topics: Assessment Plan; Application Safety Requirements; Milestones; System FMEA; Partitioning + Safety Criticality; Software + IC On-Chip Redundancy; Physical & Logical Independence; Common Cause; Requirements Tracking; FMEDA & Fault Insertion Tests; Test Specification; Safety Manual; Test execution; Role allocation + Competence; Implementation of procedures; Competence.]
Experience
Design Quality? Does everyone pass? NO, a majority fail initial audits.
Hardware: A transmitter has shipped over 25,000 units and has been shipping for nearly 5 years. The FMEDA analysis quickly showed that when the microprocessor clock stops, the 4-20 mA output freezes!
Hardware: A valve has been shipping for nearly two years. The tool verification check showed that mechanical tolerances were incorrectly translated by a CAD tool revision such that the valve would bind at high temperatures!
Hardware: A transmitter has shipped over 200,000 units and has been shipping for nearly 3 years. A Fault Injection Test showed that diagnostics simply did nothing. Component failures in the transmitter could cause drifting outputs and this situation would not be revealed.
Hardware: A valve manufacturer has been making a particular ball valve design for thirty years. The product is clearly field proven. A purchasing agent changed vendors on a critical part. The new part was not quite the same material and many field failures resulted. IEC 61508 requires that the design specify exact parts with a qualification procedure needed for all changes including a new vendor.
Are IEC 61508 Products Available?
IEC 61508 Certified Products:
Pressure Transmitters
Temp. Transmitters
Flow Transmitters
Level Transmitters
PLCs
Trip Amps, modules
Actuators
Solenoids
Valves
IEC 61508 PLC Certification
IEC 61508 Pressure Transmitter Certification
IEC 61508 Solenoid Valve Certification
ISA and others have several bestsellers for automation safety and reliability.
Read more about Functional Safety
Questions?