
The document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in any event for incidental or consequential damages in connection with the application of the document.

© All rights reserved.

IEC 61508 Functional Safety Assessment

Project:

E*318**00H solenoid valves

Customer:

pneumatrol Oswaldtwistle, Nr. Accrington, Lancs

BB5 4WZ, UK

Contract No.: Q12/12-048 Report No.: PNE Q09-10-45 R002

Version V2, Revision R1, August 8, 2013

Iwan van Beurden - William M. Goble - Steven F. Close

© exida.com L.L.C. pne 09-10-45 r002 v2r1 iec 61508 assessment.doc, August 8, 2013 Iwan van Beurden - William M. Goble - Steven F. Close Page 2 of 19

Management Summary

This report summarizes the results of the functional safety assessment according to IEC 61508 carried out on the:

E*318**00H solenoid valves

The functional safety assessment performed by exida consisted of the following activities:

- exida assessed the development process used by pneumatrol through an audit and creation of a detailed safety case against the requirements of IEC 61508.

- exida performed a detailed Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the device to document the hardware architecture and failure behavior.

The functional safety assessment was performed to the requirements of IEC 61508, SIL 3. A full IEC 61508 Safety Case was prepared, using the exida SafetyCaseDB tool, and used as the primary audit tool. Hardware process requirements and all associated documentation were reviewed. Environmental test reports were reviewed. Also the user documentation (safety manual) was reviewed.

The results of the Functional Safety Assessment can be summarized by the following statements:

The E*318**00H solenoid valves were found to meet the requirements of IEC 61508 for up to SIL 3 (SIL 3 Capable). The PFDavg and architectural constraint requirements of the standard must be verified for each element of the safety function.

The manufacturer will be entitled to use the Functional Safety Logo.

The manufacturer may use the mark:


Table of Contents

Management Summary ................................................................................................... 2

1 Purpose and Scope ................................................................................................... 4

2 Project management .................................................................................................. 5

2.1 exida ............................................................................................................................ 5

2.2 Roles of the parties involved ........................................................................................ 5

2.3 Standards / Literature used .......................................................................................... 5

2.4 Reference documents .................................................................................................. 5

2.4.1 Documentation provided by pneumatrol ............................................................. 5

2.4.2 Documentation generated by exida.................................................................... 7

3 Product Description .................................................................................................... 8

4 IEC 61508 Functional Safety Assessment ................................................................. 9

4.1 Methodology ................................................................................................................. 9

4.2 Assessment level ......................................................................................................... 9

4.3 Product Modifications ................................................................................................. 10

5 Results of the IEC 61508 Functional Safety Assessment ........................................ 11

5.1 Lifecycle Activities and Fault Avoidance Measures ..................................................... 11

5.1.1 Functional Safety Management ....................................................................... 11

5.1.2 Safety Requirements Specification and Architecture Design ............................ 12

5.1.3 Hardware Design ............................................................................................. 12

5.1.4 Validation ......................................................................................................... 13

5.1.5 Verification ....................................................................................................... 13

5.1.6 Modifications .................................................................................................... 13

5.1.7 User documentation ......................................................................................... 14

5.2 Hardware Assessment ............................................................................................... 15

6 Terms and Definitions .............................................................................................. 17

7 Status of the document ............................................................................................ 18

7.1 Liability ....................................................................................................................... 18

7.2 Releases .................................................................................................................... 18

7.3 Future Enhancements ................................................................................................ 19

7.4 Release Signatures .................................................................................................... 19


1 Purpose and Scope

This document shall describe the results of the IEC 61508 functional safety assessment of the pneumatrol:

E*318**00H solenoid valves by exida according to the requirements of IEC 61508: ed2, 2010.

The results of this assessment provide the safety instrumentation engineer with the required failure data per IEC 61508 / IEC 61511 and confidence that sufficient attention has been given to systematic failures during the development process of the device.


2 Project management

2.1 exida

exida is one of the world’s leading product certification and knowledge companies specializing in automation system safety and availability with over 200 years of cumulative experience in functional safety. Founded by several of the world’s top reliability and safety experts from assessment organizations and manufacturers, exida is a partnership with offices around the world.

exida offers training, coaching, project oriented consulting services, internet based safety engineering tools, detail product assurance and certification analysis and a collection of on-line safety and reliability resources. exida maintains a comprehensive failure rate and failure mode database on process equipment.

2.2 Roles of the parties involved

pneumatrol Manufacturer of the E*318**00H solenoid valves

exida Performed the IEC 61508 Functional Safety Assessment according to option 3 (see section 1)

pneumatrol contracted exida in May 2006 for the IEC 61508 Functional Safety Assessment of the above mentioned devices.

2.3 Standards / Literature used

The services delivered by exida were performed based on the following standards / literature.

[N1] IEC 61508 (Parts 1 - 7): 2000

Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems

2.4 Reference documents

2.4.1 Documentation provided by pneumatrol

[D1] pneumatrol ISO9001 2008 QA Manual, issue 8, 5/21/2013

pneumatrol BS EN ISO 9001 : 2008 Quality Manual

[D2] Design File 2 pneumatrol Design And Development File

[D3] Procedure 04, Issue 11 pneumatrol Procedure No. 0004 - Enquiry Processing

[D4] Procedure 05, Issue 13 pneumatrol Procedure No. 0005 - Contract Review Order Processing

[D5] Procedure 06, Issue 15 pneumatrol Procedure No. 0006 - Issue of Drawings and Specifications

[D6] Procedure 07, Issue 10 pneumatrol Procedure No. 0007 - Document Control

[D7] Procedure 14, Issue 6 pneumatrol Procedure No. 0014 - Control of Measuring and Monitoring Devices

[D8] Procedure 22, Issue 9 pneumatrol Procedure No. 0022 - Customer Complaints / Returns


[D9] Procedure 23, Issue 6 pneumatrol Procedure No. 0023 - Non - Conforming Material and Products

[D10] Procedure 24, Issue 6 pneumatrol Procedure No. 0024 - Corrective and Preventative Action

[D11] Procedure 27, Issue 15 pneumatrol Procedure No. 0027 - Internal Audit

[D12] Procedure 28, Issue 9 pneumatrol Procedure No. 0028 - Personnel Training

[D13] Procedure 30, Issue 2 pneumatrol Procedure No. 0030 - Design & Development Planning

[D14] Procedure 120, Issue 1 BOM Change Procedure

[D15] QA0015, Issue 21 pneumatrol QA - Document/Engineering Change Note

[D16] QA0048, Issue 3 pneumatrol QA - Check List & Audit Report Form

[D17] QA0070, Issue 9 pneumatrol QA - Customer Returns Form

[D18] QA0073 pneumatrol QA - Concept Review Document

[D19] QA0074 pneumatrol QA - Feasibility Review Document

[D20] QA0075 pneumatrol QA - Capability Review Document

[D21] QA0077 pneumatrol QA - Route Card for Prototypes

[D22] QA0109 pneumatrol QA - Failure Modes, Effect and Criticality Analysis Template

[D23] Wi0008, Issue 5 pneumatrol Work Instruction 0008 - Calibration period identity procedure ( 6 & 12 Months ).

[D24] Wi0022, Issue 6 pneumatrol Work Instruction 0022 - In-process Inspection CNC Turning

[D25] Wi0045, Issue 7 pneumatrol Work Instruction 0045 - Final Inspection, Functional Testing all Assemblies

[D26] Wi0047, Issue 3 pneumatrol Work Instruction 0047 - Control of British Standards

[D27] Wi0061, Issue 6 pneumatrol Work Instruction 0061 - Receiving Inspection

[D28] Wi0066, Issue 3 pneumatrol Work Instruction 0066 - Assembly General Requirements

[D29] Wi0068, Issue 14 pneumatrol Work Instruction 0068 - Calibration due Plan

[D30] Wi0073, Issue 5 pneumatrol Work Instruction 0073 - In-process Inspection Sykes CNC Machine

[D31] Wi0074, Issue 8 pneumatrol Work Instruction 0074 - In-process Inspection Drills & Britans

[D32] Wi0076, Issue 1 pneumatrol Work Instruction 0076 - Machining Barrels,Piston Rods & Tie Rods

[D33] Wi0092, Issue 1 pneumatrol Work Instruction 0092 - Recall System

[D34] Wi0101, Issue 4 pneumatrol Work Instruction 0101 - Design and Development of Products


[D35] Wi0144, Issue 1 pneumatrol Work Instruction 0144 - Procedure for handling third party and joint product approvals

[D36] pneumatrol Test Specification Documents:

  o Endurance Testing
  o Flow Testing
  o High Temperature Testing
  o Low Temperature Testing
  o Pull-in and Dropout Testing
  o Response Time Testing

[D37] Skills Matrix Engineering Skills Matrix Engineering Department

[D38] Skills Matrix Quality Skills Matrix Quality Department

[D39] Risk Assessment Environmental Stress Evaluation

[D40] Timing plan example 3.doc Project Timescales example

[D41] C15p A5.pdf Installation and Maintenance – Product C15, ‘P’ Series (example)

[D42] SIL Safety Manual; V2, R0; May 19, 2013

Safety Manual E*318**00H solenoid valves

[D43] T205, Issue 1.0, 13/07/1995 Technis report, Demonstration of SIL 2 Safety-Integrity of the range of Solenoid And Spool Valves and of Future Developments at pneumatrol Electro-Pneumatics Ltd.

2.4.2 Documentation generated by exida

[R1] PNE Q091045_3-2_E31800H_FMEDA_R2, 7/31/2013

FMEDA report, pneumatrol E*318**00H solenoid valves

[R2] R pneumatrol 06-05-02 R003 v10 SafetyCase Review, 9/29/2006

pneumatrol IEC 61508 Compliance Assessment, SafetyCaseDB Review

[R3] pneumatrol 09-10-45 R002 v2r1 IEC 61508 Assessment.doc, 8/8/2013

IEC 61508 Functional Safety Assessment, pneumatrol E*318**00H solenoid valves (this report)


3 Product Description

The E*318**00H solenoid valves are 3-way solenoid valves. The E*318**00H solenoid valves incorporate elastomeric static seals through which a shaped spool moves. The 3-way valve is normally used for pilot control of other relay valves or for operation of single-acting cylinders.

The seal space assembly forms individual annular chambers opposite each valve port and the grooved spool either closes or allows flow between adjacent chambers, hence the position of the spool determines which ports are open or closed. The spool is moved by way of a mechanical operated mechanism, normally against a spring return.

The 3-way valve option was reviewed for the FMEDA. The E*318**00H solenoid valves are classified as Type A devices (see footnote 1) according to IEC 61508, having a hardware fault tolerance of 0.

pneumatrol, previously known as RGS Electro Pneumatics Limited, is the original designer of the Falcon Pneumatic Spool valves and manufacturer of the coils, spools and sealing kits. pneumatrol is the manufacturer of the valve body of the Falcon Pneumatic Spool valves.

1 Type A component: “Non-Complex” component with well-defined failure modes, for details see 7.4.3.1.2 of IEC 61508-2.


4 IEC 61508 Functional Safety Assessment

The IEC 61508 Functional Safety Assessment was performed based on the information received from pneumatrol and is documented in [R2].

4.1 Methodology

The full functional safety assessment includes an assessment of all fault avoidance and fault control measures during hardware and software development (if applicable) and demonstrates full compliance with IEC 61508 to the end-user. The assessment considers all requirements of IEC 61508. Any requirements that have been deemed not applicable have been marked as such in the full Safety Case report, e.g. software development requirements for a product with no software.

As part of the IEC 61508 functional safety assessment the following aspects have been reviewed:

- Development process, including:

  o Functional Safety Management, including training and competence recording, FSM planning, and configuration management

  o Specification process, techniques and documentation

  o Design process, techniques and documentation, including tools used

  o Validation activities, including development test procedures, test plans and reports, production test procedures and documentation

  o Verification activities and documentation

  o Modification process and documentation

  o Installation, operation, and maintenance requirements, including user documentation

- Product design

  o Hardware architecture and failure behavior, documented in a FMEDA

The review of the development procedures is described in section 4.3. The review of the product design is described in section 5.2.

4.2 Assessment level

The E*318**00H solenoid valves have been assessed per IEC 61508 to the following levels:

- SIL 2 capability, single use (Hardware Fault Tolerance = 0)

- SIL 3 capability, dual use (Hardware Fault Tolerance > 0)

The development procedures will be assessed as suitable for use in applications with a maximum Safety Integrity Level of 3 (SIL3) according to IEC 61508.


4.3 Product Modifications

pneumatrol may make modifications to this product as needed. Modifications shall be classified into two types:

Type 1 Modification: Changes requiring re-certification, which includes the re-design of safety functions or safety integrity functions.

Type 2 Modification: Changes allowed to be made by pneumatrol provided that:

- A competent role from pneumatrol, appointed and agreed with exida, judges and approves the modifications. The role of Quality Manager is currently approved by exida to fulfill this role.

- The modification documentation listed below is submitted prior to a renewal of the certification to exida for review of the decisions made by the competent person in respect to the modifications made:

  o List of all anomalies reported

  o List of all modifications completed

  o Safety impact analysis which shall indicate with respect to the modification:

    - The initiating problem (e.g. results of root cause analysis)

    - The effect on the product / system

    - The elements/components that are subject to the modification

    - The extent of any re-testing

  o List of modified documentation

  o Regression test plans


5 Results of the IEC 61508 Functional Safety Assessment

exida assessed the development process used by pneumatrol for this development against the objectives of IEC 61508 parts 1 and 2. The assessment was done over a period of time from May 2006 through June 2006 and documented in a Safety Case, see [R2].

A surveillance audit was conducted in November 2009 and again in June 2013.

5.1 Lifecycle Activities and Fault Avoidance Measures

pneumatrol has a 3 stage development process (Concept, Feasibility, Capability) in place for product development with specific deliverables, reviews and approvals. This is documented in the Design and Development file [D2] used to specify each development project. The same process is used for modifications. No software is part of the design and therefore any requirements specific from IEC 61508 to software and software development do not apply.

This functional safety assessment has shown that the process sufficiently meets the requirements of IEC 61508, SIL 3. The assessment investigated the compliance with IEC 61508 of the processes, procedures and techniques as implemented for the pneumatrol development. The investigation was executed using subsets of the IEC 61508 requirements tailored to the SIL 3 work scope of the development team. The result of the assessment can be summarized by the following observations:

- The audited pneumatrol development process complies with the relevant managerial requirements of IEC 61508 SIL 3.

5.1.1 Functional Safety Management

FSM Planning: pneumatrol has a 3 stage development process (Concept, Feasibility, Capability) in place for product development with specific deliverables, reviews and approvals. This is documented in the Design and Development File [D2] used to specify each development project. The same process is used for modifications. This process and the procedures referenced herein fulfill the requirements of IEC 61508 with respect to functional safety management.

Version Control: All documents called out for in the Design and Development File are under version control per [D6]. Design drawings and documents are also under version control.

Training, Competency recording: Personnel training records are kept per [D12]. The procedure and records were examined and found up-to-date and sufficient. pneumatrol hired exida to be the independent assessor per IEC 61508 and to provide specific IEC 61508 knowledge.


5.1.2 Safety Requirements Specification and Architecture Design

The first step for any new development is the creation of a Design Specification per the Design and Development File [D2]. The creation of the design specification is a combined effort by marketing and engineering. This ensures that the design requirements are understood correctly by engineering. The Design and Development file uses a template [D18] for the design specification which ensures completeness of the requirements. The template captures in detail all the requirements for the devices, such as critical functions, performance targets etc. exida reviewed the content of the specification for completeness per the requirements of IEC 61508.

As the valves are simple electro-mechanical devices, there is no need for a separate architecture design phase. The design concepts, which follow the design specification, will indicate if the design is new or based on an existing design.

Requirements as specified in the Design Specification are tracked through all development phases, simply by the fact that they are contained in the Design and Development file which guides a development project through all development lifecycle phases.

Items from IEC 61508-2, Table B.1 include project management, documentation, separation of safety requirements from non-safety requirements, structured specification, and inspection of the specification. As the function of the valve is simple and clearly defined there is no need for semi-formal methods such as functional block diagrams. The application is considered when specifying the requirements; the devices may be required to meet specific applications standards. This meets SIL 3.

5.1.3 Hardware Design

The hardware design process consists of two distinct phases: concept and feasibility. During the concept phase all possible solutions are reviewed and the most promising is detailed. At this time a Design and Development File will be created which contains requirements, test specifications, etc. The test specifications are considered equal to validation plan per IEC 61508.

In the feasibility phase, the design is further detailed and testing is performed on beta units. Design reviews are performed per the Design and Development File [D2]. pneumatrol has standards for documentation with specified output documents.

pneumatrol uses Autocad Lite and Design manager as development tools. Version numbers are listed and re-qualification is done when the tool vendor makes revisions. Re-qualification is done annually at the management review to ensure continued suitability. This meets SIL 3.

Items from IEC 61508-2, Table B.2 include observance of guidelines and standards, project management, documentation (design outputs are documented per the Design and Development File and other quality guidelines), structured design, modularization, use of well-tried components, and computer-aided design tools. This meets SIL 3.


5.1.4 Validation

Validation Testing is done via a set of documented tests, the pneumatrol Test Specification Documents [D36], as required by the Design and Development File [D2]. The tests are traceable to the requirements via the Design and Development File and are captured on form QA0076. In addition to the standard Test Specification Documents, third party testing may be included as part of agency approvals. As the E*318**00H solenoid valves are purely electro-mechanical devices with a simple safety function, no separate integration testing is necessary. However, the solenoids do undergo several separate tests before valve body and solenoid are integrated; this is part of the pneumatrol Test Specification Documents. The E*318**00H solenoid valves perform only 1 safety function, which is extensively tested under various conditions during validation testing.

Procedures are in place for corrective actions to be taken when tests fail. Every run of the pneumatrol Test Specification Documents is documented in a test report and reviewed. The test reports are included in the Design and Development File for the project.

Items from IEC 61508-2, Table B.3 include functional testing, project management, documentation, and black-box testing (for the considered devices this is similar to functional testing). Field experience and statistical testing via regression testing are not applicable. This meets SIL 3.

Items from IEC 61508-2, Table B.5 included functional testing and functional testing under environmental conditions, project management, documentation, failure analysis (analysis on products that failed), and expanded functional testing and black-box testing. Interference surge immunity testing is not applicable and fault insertion testing is not feasible for these devices. Instead a detailed FMEDA was performed. This meets SIL 3.

5.1.5 Verification

The development and verification activities are defined in the Design and Development File [D2]. For each phase the objectives, the required input and output documents, and the review activities are stated. QA forms are used to facilitate the verification activities at the concept, feasibility and capability stages, see [D18], [D19], and [D20] respectively. All verification activities are documented. Given that the solenoids only perform a single safety function, this meets SIL 3.

5.1.6 Modifications

Modifications are done per the QA Document/Engineering Change Note Form [D15]. The D/ECN form subsequently becomes part of the Design and Development File. The D/ECN system allows the user to identify whether the change affects functional safety. Affected documents and/or drawings are also listed. If design changes are identified as a result of a D/ECN, they are usually treated as a derived product and therefore the same general procedure is used for both new development and modifications. All design change requests are reviewed to determine whether there is any negative impact on product safety. This review is done by both the assigned engineer and the appropriate engineering manager (others may be included in the review as necessary).

Bill of Material Changes are guided by Procedure 120 [D14]. The flowchart contains decision blocks which require approvals of the Engineering Manager and the Manufacturing Manager before release.

This meets SIL 3.


5.1.7 User documentation

pneumatrol creates Installation and Maintenance documentation for all solenoid valves, see [D41] for an example. Additionally, pneumatrol created a safety manual for the E*318**00H solenoid valves, see [D42]. This safety manual was assessed by exida. The final version is considered to be in compliance with the requirements of IEC 61508. The document includes all required operations, maintenance, and proof test procedures.

Items from IEC 61508-2, Table B.4 include operation and maintenance instructions, user friendliness, maintenance friendliness, project management, documentation, limited operation possibilities (valve performs well-defined action) and operation only by skilled operators (operators familiar with type of valve, although this is partly the responsibility of the end-user). This meets SIL 3.


5.2 Hardware Assessment

To evaluate the hardware design of the E*318**00H solenoid valves, a Failure Modes, Effects, and Diagnostic Analysis was performed by exida. This is documented in [R1].

A Failure Modes and Effects Analysis (FMEA) is a systematic way to identify and evaluate the effects of different component failure modes, to determine what could eliminate or reduce the chance of failure, and to document the system in consideration. An FMEDA (Failure Mode Effect and Diagnostic Analysis) is an FMEA extension. It combines standard FMEA techniques with extension to identify online diagnostics techniques and the failure modes relevant to safety instrumented system design.

From the FMEDA, failure rates are derived for each important failure category. Table 1 lists these failure rates as reported in the FMEDA report. The failure rates are valid for the useful life of the devices. Based on pneumatrol endurance test data and general field failure data, a useful life period of approximately 10 years is expected for the E*318**00H solenoid valves. This is listed in the FMEDA report.

Table 1 Failure rates according to IEC 61508

Device                       λSD   λSU (2)   λDD   λDU
3-way Falcon                   0       359     0   404
3-way Falcon with PVST (3)     0       359   380    24

For SIL 2 applications, single use, the PFDAVG value of the Safety Instrumented Function needs to be ≥ 10^-3 and < 10^-2. The FMEDA report lists the percentage of this budget that the E*318**00H solenoid valves use. The solenoid valve uses < 27% of this budget when a proof test is performed yearly. The E*318**00H solenoid valves contribute only minimally to the overall PFDAVG of the Safety Instrumented Function when Partial Valve Stroke Testing is performed.

These results must be considered in combination with PFDAVG values of other devices of a Safety Instrumented Function (SIF) in order to determine suitability for a specific Safety Integrity Level (SIL). The Safety Manual states that the application engineer should calculate the PFDAVG for each defined safety instrumented function (SIF) to verify the design of that SIF.

The architectural constraints requirements of IEC 61508-2, Table 2 are also reviewed. The failure rate data used for this analysis meets the exida criteria for Route 2H. Therefore the E*318**00H Pneumatic 3-Way Spool Valve meets the hardware architectural constraints for up to SIL 2 with a single device when the listed failure rates are used. The E*318**00H Spool Valve also meets the hardware architectural constraints Route 2H when used with other Route 2H devices in an element for up to SIL 2 at HFT=0 when the listed failure rates are used.

For redundant use, common cause failures between the solenoid valves have to be considered. The user of the E*318**00H solenoid valves needs to determine the application specific common cause factor β. An estimation of the common cause factor is listed in the Safety Manual.

(2) Note that the SU category includes failures that do not cause a spurious trip.

(3) PVST: Partial Valve Stroke Testing. Partial valve stroke testing of the SIF provides a full cycle test of the solenoid valve.
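The following script is an added worked check of the figures in section 5.2 and is not part of the exida report or of pneumatrol's documentation. It takes the Table 1 and Table 2 failure rates from the page (Table 1 is assumed to be in FIT, as Table 2 is) and applies the simplified low-demand PFDAVG approximations of IEC 61508-6 (λ × T / 2 per category; the 1oo2 form with a common cause factor β) rather than exida's own FMEDA calculation. The quarterly PVST interval, the β value in the 1oo2 call and the assumption that a PVST reveals a dangerous-detected fault without itself driving the valve to the safe state are placeholders chosen for the example; the report leaves β to the application engineer.

```python
"""Worked check of the Table 1 / Table 2 figures in section 5.2.

Added example, not part of the exida report. Failure rates are copied from
the page; everything else (the simplified IEC 61508-6 PFDavg formulas, the
PVST interval and the beta value used in the 1oo2 call) is an assumption.
"""

FIT = 1e-9            # one FIT = 1e-9 failures per hour (section 6 of the report)
HOURS_PER_YEAR = 8760

# Table 1 of the report: (lambda_SD, lambda_SU, lambda_DD, lambda_DU).
# Assumed to be in FIT, as the Table 2 figures are.
TABLE_1 = {
    "3-way Falcon": (0, 359, 0, 404),
    "3-way Falcon with PVST": (0, 359, 380, 24),
}

# Table 2 of the report: total failure rate from field / returns data, in FIT.
TABLE_2 = {"Field Data Evaluation": 100, "Returns Data Evaluation": 90}

# Low-demand PFDavg bands of IEC 61508-1 Table 2: lower bound inclusive, upper exclusive.
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def sff(sd, su, dd, du):
    """Safe Failure Fraction: safe plus dangerous-detected failures over all failures."""
    return (sd + su + dd) / (sd + su + dd + du)


def pfd_avg_1oo1(dd_fit, du_fit, proof_test_years=1.0, pvst_hours=None):
    """Simplified single-channel (HFT=0) PFDavg, lambda * T / 2 per category.

    Dangerous undetected failures are revealed only by the proof test (interval TI).
    If partial valve stroke testing is used, the dangerous-detected share is assumed
    to be revealed at the PVST interval instead; the PVST is assumed to reveal the
    fault without itself bringing the valve to the safe state (assumption).
    """
    ti = proof_test_years * HOURS_PER_YEAR
    pfd = du_fit * FIT * ti / 2
    if pvst_hours is not None:
        pfd += dd_fit * FIT * pvst_hours / 2
    return pfd


def pfd_avg_1oo2(du_fit, beta, proof_test_years=1.0):
    """Simplified 1oo2 (HFT=1) PFDavg with common cause factor beta.

    Independent double failure: ((1 - beta) * lambda_DU * TI)**2 / 3;
    common cause failure of both channels: beta * lambda_DU * TI / 2.
    beta is application specific; the report leaves it to the user.
    """
    ti = proof_test_years * HOURS_PER_YEAR
    lam_ti = du_fit * FIT * ti
    return ((1 - beta) * lam_ti) ** 2 / 3 + beta * lam_ti / 2


def sil_for_pfd(pfd):
    """SIL band the PFDavg value falls into, or None if it is above the SIL 1 band."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return None


def budget_fraction(pfd, target_sil):
    """Share of the target SIL's PFDavg budget (the band's upper bound) that is used."""
    return pfd / SIL_BANDS[target_sil][1]


def field_to_predicted_ratio(observed_fit, rates):
    """Observed field rate divided by the FMEDA-predicted total failure rate.

    A ratio well below 1 is what a conservative FMEDA should produce; a ratio
    well above 1 would be the signal of a systematic problem.
    """
    return observed_fit / sum(rates)


if __name__ == "__main__":
    plain, pvst = TABLE_1["3-way Falcon"], TABLE_1["3-way Falcon with PVST"]
    print(f"SFF without PVST: {sff(*plain):.1%}, with PVST: {sff(*pvst):.1%}")

    pfd = pfd_avg_1oo1(plain[2], plain[3])                  # yearly proof test, no PVST
    print(f"1oo1 PFDavg = {pfd:.2e} -> SIL {sil_for_pfd(pfd)} band, "
          f"{budget_fraction(pfd, 2):.0%} of the SIL 2 budget")

    pfd_p = pfd_avg_1oo1(pvst[2], pvst[3], pvst_hours=3 * 30 * 24)  # assumed quarterly PVST
    print(f"1oo1 PFDavg with PVST = {pfd_p:.2e}, "
          f"{budget_fraction(pfd_p, 2):.0%} of the SIL 2 budget")

    pfd_r = pfd_avg_1oo2(plain[3], beta=0.05)               # placeholder beta
    print(f"1oo2 PFDavg (beta = 0.05) = {pfd_r:.2e}")

    for src, fit in TABLE_2.items():
        print(f"{src}: {field_to_predicted_ratio(fit, plain):.2f} of predicted total")
```

With a yearly proof test and no PVST the simplified formula gives a 1oo1 PFDAVG of about 1.8 × 10^-3, inside the SIL 2 band and below the < 27% budget figure quoted above; the more detailed FMEDA calculation in [R1] lands higher because it includes terms this approximation drops. In the 1oo2 case the β term dominates the result by more than an order of magnitude, which is why the report insists that the user determine an application-specific β before relying on redundancy.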


The Technis Assessment report for the E*318**00H solenoid valves includes a proven-in-use study. Field data (1 application), returns data, and laboratory test data were reviewed. Table 2 lists the results of the field data and returns data evaluation. The laboratory test data is deemed not applicable: it does not consider the application environment, and a cycle test is not applicable to low demand mode applications.

Table 2 Failure rates Technis report – field data and returns data

Data Source               Total Failure rate
Field Data Evaluation     100 FIT
Returns Data Evaluation    90 FIT

When comparing this field and returns data to the FMEDA predicted results, it can be concluded that the failure rates experienced in the field do not indicate any systematic problems with the E*318**00H solenoid valves.

The analysis shows that the design of the E*318**00H solenoid valves meets the hardware requirements of IEC 61508, SIL 2 when used as a single final element (HFT = 0) and IEC 61508, SIL 3 for redundant use (HFT > 0).


6 Terms and Definitions

Fault tolerance Ability of a functional unit to continue to perform a required function in the presence of faults or errors (IEC 61508-4, 3.6.3)

FIT Failure In Time (1x10^-9 failures per hour)

FMEDA Failure Mode Effect and Diagnostic Analysis

HFT Hardware Fault Tolerance

Low demand mode Mode where the frequency of demands for operation made on a safety-related system is no greater than one per year and no greater than twice the proof test frequency.

PFDAVG Average Probability of Failure on Demand

SFF Safe Failure Fraction summarizes the fraction of failures which lead to a safe state and the fraction of failures which will be detected by diagnostic measures and lead to a defined safety action.

SIF Safety Instrumented Function

SIL Safety Integrity Level

SIS Safety Instrumented System – Implementation of one or more Safety Instrumented Functions. A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).

Type A (sub)system “Non-Complex” (sub)system (using discrete elements); for details see 7.4.3.1.2 of IEC 61508-2

Type B (sub)system “Complex” (sub)system (using micro controllers or programmable logic); for details see 7.4.3.1.3 of IEC 61508-2


7 Status of the document

7.1 Liability

exida prepares reports based on methods advocated in International standards. Failure rates are obtained from a collection of industrial databases. exida accepts no liability whatsoever for the use of these numbers or for the correctness of the standards on which the general calculation methods are based.

This report supersedes all previous reports: pneumatrol Q06-05-02 R002 and pneumatrol Q09-10-45 R002.

7.2 Releases

Version: V2

Revision: R1

Version History: V2, R1: Updated as a result of June 2013 surveillance audit, S. Close, August 1, 2013

V1, R1: First Release, December 1, 2009

Authors: Iwan van Beurden - William M. Goble - Steven F. Close – Steven Close (Nov 30, 2009)

Review: V1, R1: William M. Goble

Release status: Released to customer


7.3 Future Enhancements

At the request of the client.

7.4 Release Signatures

Ir. Iwan van Beurden, Senior Safety Engineer

Dr. William M. Goble, Principal Partner

Ir. Rachel Amkreutz, Safety Engineer

Steven Close, Senior Safety Engineer