IEC 61508 Assessment - exida€¦ · IEC 61508 Functional Safety Assessment Project: Shear Seal Ram Actuator (SSR) Customer: NOV Texas Oil Tools Conroe, TX USA Contract Number: Q12/09-041

The document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in any event for incidental or consequential damages in connection with the application of the document.

© All rights reserved.

idae®

Certification Services

IEC 61508 Functional Safety Assessment

Project:

Shear Seal Ram Actuator (SSR)

Customer:

NOV Texas Oil Tools Conroe, TX

USA

Contract Number: Q12/09-041

Report No.: TOT 12/09-041 R001

Version V1, Revision R1, June 25, 2013

Steven Close

© exida Q12-09-041 R001 V1R1 SSR Assessment Report.doc

T-023 V2R2www.exida.com Page 2 of 17

Management summary

This report summarizes the results of the functional safety assessment according to IEC 61508 carried out on the SSR Actuator

The functional safety assessment performed by exida consisted of the following activities:

- exida assessed the development process used by NOV Texas Oil Tools by an on-site audit and creation of a safety case against the requirements of IEC 61508.

- exida performed a detailed Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the devices to document the hardware architecture and failure behavior.

- exida reviewed field failure data to ensure that the FMEDA analysis was complete.

- exida reviewed the manufacturing quality system in use at TOT.

The functional safety assessment was performed to the requirements of IEC 61508: ed2, 2010, SIL

3 for mechanical components. A full IEC 61508 Safety Case was prepared, using the exida

SafetyCaseDB tool, and used as the primary audit tool. Hardware process requirements and all associated documentation were reviewed. Environmental test reports were reviewed. Also the user documentation (safety manual) was reviewed.

The results of the Functional Safety Assessment can be summarized as:

The TOT Shear Seal Ram Actuator (SSR) was found to meet the requirements of IEC 61508 for up to SIL 3 (SIL 3 Capable). The PFDAVG and architectural constraint requirements of the standard must be verified for each element of the safety function.

The manufacturer will be entitled to use the Functional Safety Logo.

The manufacturer

may use the mark:



Table of Contents

Management summary .................................................................................................... 2

1 Purpose and Scope ................................................................................................... 4

2 Project management .................................................................................................. 5

2.1 exida ............................................................................................................................ 5

2.2 Roles of the parties involved ........................................................................................ 5

2.3 Standards / Literature used .......................................................................................... 5

2.4 Reference documents .................................................................................................. 5

2.4.1 Documentation provided by NOV Texas Oil Tools ............................................. 5

2.4.2 Documentation generated by exida ................................................................... 8

3 Product Descriptions .................................................................................................. 9

4 IEC 61508 Functional Safety Assessment ............................................................... 10

4.1 Methodology .............................................................................................................. 10

4.2 Assessment level ....................................................................................................... 10

4.3 Product Modifications ................................................................................................. 11

5 Results of the IEC 61508 Functional Safety Assessment ........................................ 12

5.1 Open Issues ............................................................................................................... 12

5.2 Lifecycle Activities and Fault Avoidance Measures .................................................... 12

5.2.1 Functional Safety Management ....................................................................... 12

5.2.2 Safety Requirements Specification and Architecture Design ............................ 13

5.2.3 Hardware Design ............................................................................................. 13

5.2.4 Validation ......................................................................................................... 13

5.2.5 Verification ....................................................................................................... 14

5.2.6 Proven In Use .................................................................................................. 14

5.2.7 Modifications ................................................................................................... 14

5.2.8 User documentation......................................................................................... 14

5.3 Hardware Assessment ............................................................................................... 14

6 Terms and Definitions .............................................................................................. 16

7 Status of the Document ........................................................................................... 17

7.1 Liability ....................................................................................................................... 17

7.2 Releases .................................................................................................................... 17

7.3 Future Enhancements ................................................................................................ 17

7.4 Release Signatures .................................................................................................... 17



1 Purpose and Scope

This document shall describe the results of the IEC 61508 functional safety assessment of the NOV Texas Oil Tools:

Shear Seal Ram Actuator

by exida according to the requirements of IEC 61508: ed2, 2010.

The results of this provides the safety instrumentation engineer with the required failure data as per IEC 61508 / IEC 61511 and confidence that sufficient attention has been given to systematic failures during the development process of the device.



2 Project management

2.1 exida

exida is one of the world’s leading accredited Certification Bodies and knowledge companies specializing in automation system safety and availability with over 300 years of cumulative experience in functional safety. Founded by several of the world’s top reliability and safety experts

from assessment organizations and manufacturers, exida is a global company with offices around

the world. exida offers training, coaching, project oriented system consulting services, safety lifecycle engineering tools, detailed product assurance, cyber-security and functional safety

certification, and a collection of on-line safety and reliability resources. exida maintains a comprehensive failure rate and failure mode database on process equipment.

2.2 Roles of the parties involved

NOV Texas Oil Tools Manufacturer of the Shear Seal Ram Actuator (SSR)

exida Performed the hardware assessment

exida Performed the IEC 61508 Functional Safety Assessment according.

TOT contracted exida in November 2012 for the IEC 61508 Functional Safety Assessment of the above mentioned devices.

2.3 Standards / Literature used

The services delivered by exida were performed based on the following standards / literature.

[N1] IEC 61508 (Parts 1 - 7): 2010 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems

2.4 Reference documents

2.4.1 Documentation provided by NOV Texas Oil Tools

Document ID Description

[D1] 424334-1; 12/16/2011 Manufacturing Record Book SSR Actuator Assembly

[D2] Certs; Certificates

[D3] D601001380; Rev L; 5/29/2012

Quality Manual

[D4] D601001381; Rev 05; 8/1/2012

List of Quality Management Procedures

[D5] D601001383 Minutes; n/a; 5/18/2012

Management Review Meeting - Sample Meeting Minutes

[D6] D601001383; Rev 02; 11/1/2011

Procedure for Management Review



[D7] D601001386; Rev 02; 11/1/2011

Procedure for Control of Documents

[D8] D601001387; Rev 02; 11/1/2011

Control of Records

[D9] D601001389; Rev 02; 11/1/2011

Notification of Changes Effecting the QMS

[D10] D601001390; Rev 03; 11/1/2011

Calibration System

[D11] D601001392; Rev 02; 11/1/2011

Inspection / Testing

[D12] D601001393; Rev 03; 8/1/2012

Corrective Action Procedure

[D13] D601001395; Rev 04; 11/1/2011

Control of Nonconforming Product

[D14] D601001396; Rev 02; 11/1/2011

Preventive Action Procedure

[D15] D601001399; Rev 02; 11/1/2011

Project Quality Requirements Planning

[D16] D601001400; Rev 02; 11/1/2011

Customer Feedback

[D17] D601001404; Rev 03; 11/1/2011

Internal Audits

[D18] D601001405; Rev 03; 11/1/2011

Review of Controlled Documents

[D19] D601001406; Rev 03; 8/1/2012

Statistical Techniques

[D20] D601001407; Rev 02; 11/1/2011

Identification and Preservation of Manufactured Equipment

[D21] D601001408; Rev 03; 11/1/2011

Procedure for Procurement Control

[D22] D601001411; Rev 03; 11/1/2011

Procedure for Preparation, Use and Control of Production Planning

[D23] D601001412; Rev 02; 11/1/2009

Procedure for Outsourced Processes

[D24] D601001415; Rev 01; 5/1/2008

Procedure for Receiving

[D25] D601001416; Rev 01; 5/1/2008

Procedure for Manufacturing Process Control

[D26] D601001418; Rev 01; 11/1/2011

Service and Recertification



[D27] D601001419; Rev 02; 11/1/2009

Procedure for Design Control, Verification and Validation

[D28] D601001420; Rev 03; 11/1/2011

Engineering Procedures, Specifications and Drawings

[D29] D601001421; Rev 03; 11/1/2011

Submitting an EN

[D30] D601001423; Rev 03; 11/1/2011

Submitting an ECR

[D31] D601001424; Rev 02; 11/1/2011

Field Nonconformance Reporting

[D32] D601001426; Rev 03; 11/1/2011

Prototype Development

[D33] D601001427; Rev 04; 11/1/2011

Management of Training Records

[D34] D601001454; 12/11/2012 Approved Supplier Index

[D35] D601001472; Rev 7; 6/12/2008

RECEIVING INSPECTION

[D36] D601001477; Rev 07; 10/27/2004

QUALITY INSPECTION/NONCONFORMANCE REPORTS

[D37] D601001806; 11/10/2012 Example Design File for the SSR Actuator

[D38] D601001806L-T; 5/20/2011 Laggan & Tormore Verification (Design File)

[D39] D601005606; Rev 03; 10/15/2012

SUBSEA PROJECT CHECKLIST

[D40] D601009072; 11/14/2012 Meeting Minutes / Action Items Tracking PPM Statfjord

[D41] D601010470-TPL-001, Rev 01, 6/10/2013

Impact Analysis

[D42] D60EIA56; Rev 01; 6/25/2012 ECHT- EIA56 QUALIFICATION TESTING - QUALIFICATION CHART

[D43] ECR Sample; Sample Engineering Change request

[D44] Internal Audit Report; 5/1/2012

Sample Internal Audit Report

[D45] ISO Checklist; ISO Audit Checklist

[D46] M60EI54-ACT17L-PRO-001; Rev 01; 2/22/2011

ATEI-QAL03-PR2 CYC TEST EI54 SSR - Cycle test Procedure (L&T)

[D47] M60EI54-ACT17L-PRO-003; Rev 05; 10/27/2011

Test Procedure

[D48] M60EI54-ACT21L SAFETY MANUAL, TECH-FMC STATFJORD SSR SAFETY

[D49] M60EI54-ACT21L; 4/23/2013 ACTUATOR ASM, SSR FMC STATFJORD, Design Verification



[D50] M60EI54-ACT21L–ASM-001, Rev 05, 5/7/2013

Test Procedure

[D51] M60EI54-ACT21L-MAN-001; Rev 02; 5/30/2012

Technical Manual - TECH-5.12 10K EI54 SSR STATFJORD

[D52] Master Feedback Log; n/a; 12/10/2012

Master Feedback Log

[D53] PPT; 8/14/2012 NOV Texas Oil Tools Overview

[D54] PSB-082; 2/1/2006 Product Service Bulletin

[D55] QM TOT-0300-4200-09; n/a; Training Matrix Form

[D56] QM-0099; Rev 3; Quaility Inspection/Nonconformance Report Examples

[D57] QMS Audit Checklist; QMS Audit Checklist

[D58] R001; V0, R1; 12/6/2012 Draft SSR FMEDA Report

[D59] Shop Routing; 1/24/2012 Manual Pick List

[D60] SPC60060061; Rev B; 11/1/2010

SPECIFICATION, SUBSEA - COMPLETION & WORKOVER, SHEAR SEAL RAM ASSEMBLY 5 1/8 INCH - 10K - Laggan & Tormore Project

[D61] SPC60066313; Rev A; 9/30/2011

RAM, SHEAR SEAL ASSY, 5.12, 10K WP, 3K HYDRAULICS, SINGLE CIRCUIT - Requirements (FMC)

[D62] SPC60089814; Rev A; 10/23/2012

Safety Requirements Specification - FMC

[D63] Standards; n/a; List of applicable Agency Standards -Agency Approval Certificates

[D64] Supplier Audit Report; 42612; 4/26/2012

Supplier Audit Report Sample

[D65] Tools; List of Design Tools used (e.g., AutoCad, Pro-E); revision; how long used

[D66] ZZRP-0201; Rev G; 11/2/2002 Test Report ZZRP-0201

2.4.2 Documentation generated by exida

[R1] Q12-07-111 R001 V1R3 SSR Actuator_FMEDA Report.pdf

FMEDA report, Shear Seal Ram Actuator

[R2] TOT Compliance MergedIEC 61508 Gap Reportr2.docx

IEC 61508 Site Audit Report, NOV Texas Oil Tools

[R3] Q12-07-111 TOT SSR SafetyCaseDB IEC61508 R1.esc

IEC 61508 SafetyCaseDB for Shear Seal Ram Actuator (SSR)

[R4] Q12-09-041 R001 V1R1 SSR Assessment Report.doc, June 25, 2013

IEC 61508 Functional Safety Assessment, NOV Texas Oil Tools Shear Seal Ram Actuator (SSR) (this report)



3 Product Descriptions

The Shear Seal Ram Actuator is designed to be used at 10,000 psi working pressure at temperatures from -20oF to 250oF. The function of the SSR Actuator is to prevent blowout of oil and gas wells. The SSR Actuator is fitted with rams that are design to shear through pipe and affect a seal of the well. The SSR Actuator includes a locking mechanism that locks the rams in place so that a loss of hydraulic pressure to the rams will not cause the rams to retract.

The SSR Actuator set consists of the following basic components:

1 Shear/Seal Ram Cylinder Assembly R.H.

1 Shear/Seal Ram Cylinder Assembly L.H.

1 Autolock Assembly R.H

1 Autolock Assembly L.H.

Hydraulic Assembly

On a trip command, Hydraulic Pressure forces the rams to close; shearing of the work string takes place between the upper and lower blades. After shearing is complete, continued travel of both rams to the body center causes the leading edge of the right hand blade to engage the elastomeric sealing area in the left-hand insert and affect a wellbore pressure seal from below. Once the seal is obtained, the pressure from below acts to keep the rams closed and maintains the seal. Pressure above the ram acts in the opposite direction, which tends to open the rams and break the seal. Accordingly, the rams are uni-directional and designed to seal pressure from below only. Once the ram fully closes, hydraulic pressure acts on the Autolock mechanism forcing it into the lock position. The mechanical lock prevents the rams from opening in the event hydraulic pressure is lost.

The safe state for the SSR Actuator is when the Shear/Seal Ram is fully closed.

Figure 1 shows on side of the SSR Actuator.

Figure 1 SSR Actuator, one side.



4 IEC 61508 Functional Safety Assessment

The IEC 61508 Functional Safety Assessment was performed based on the information received from NOV Texas Oil Tools and is documented in this report.

4.1 Methodology

The full functional safety assessment includes an assessment of all fault avoidance and fault control measures during hardware development and demonstrates full compliance with IEC 61508 to the end-user. The assessment considers all requirements of IEC 61508. Any requirements that have been deemed not applicable have been marked as such in the full Safety Case report, e.g. software development requirements for a product with no software. The assessment also includes a review of existing manufacturing quality procedures to ensure compliance to the quality requirements of IEC 61508.

As part of the IEC 61508 functional safety assessment the following aspects have been reviewed:

Development process, including:

o Functional Safety Management, including training and competence recording, FSM planning, and configuration management

o Specification process, techniques and documentation

o Design process, techniques and documentation, including tools used

o Validation activities, including development test procedures, test plans and reports, production test procedures and documentation

o Verification activities and documentation

o Modification process and documentation

o Installation, operation, and maintenance requirements, including user documentation

o Manufacturing Quality System

Product design

o Hardware architecture and failure behavior, documented in a FMEDA

The review of the development procedures is described in section 5.2. The review of the product design is described in section 5.3.

4.2 Assessment level

The SSR Actuator has been assessed per IEC 61508 to the following levels:

SIL 3 capability

The development procedures have been assessed as suitable for use in applications with a maximum Safety Integrity Level of 3 (SIL3) according to IEC 61508.



4.3 Product Modifications

NOV Texas Oil Tools may make modifications to this product as needed. Modifications shall be classified into two types:

Type 1 Modification: Changes requiring re-certification, which includes the re-design of safety functions or safety integrity functions.

Type 2 Modification: Changes allowed to be made by NOV Texas Oil Tools provided that:

A competent position from NOV Texas Oil Tools, appointed and agreed with exida, judges and approves the modifications. The position of Senior Engineer is qualified to judge and approve modifications.

The modification documentation listed below is submitted prior to a renewal of the certification to exida for review of the decisions made by the competent person in respect to the modifications made.

o List of all anomalies reported

o List of all modifications completed

o Safety impact analysis which shall indicate with respect to the modification:

The initiating problem (e.g. results of root cause analysis)

The effect on the product / system

The elements/components that are subject to the modification

The extent of any re-testing

o List of modified documentation

o Regression test plans



5 Results of the IEC 61508 Functional Safety Assessment

exida assessed the development process used by NOV Texas Oil Tools for these products against the objectives of IEC 61508 parts 1 - 7. The assessment was done on-site at the Conroe, TX facility on December 10-11, 2012 and documented in the SafetyCase [R3].

5.1 Open Issues

The overall process is strong. Some areas of improvement were identified in the design process and some of the design procedures and forms were upgraded during the project. All of the improvements were evaluated and included in the final version of the SafetyCase.

5.2 Lifecycle Activities and Fault Avoidance Measures

NOV Texas Oil Tools has a defined product lifecycle process in place. This is documented in the Quality Management System Manual [D3] and various Quality Procedures [D6]-[D41]. Every customer job goes through the complete design process. A documented modification process is also covered in the Quality Manual and is described in more detail in procedures D601001421, “Submitting an Engineering Notice” and D601001423, Submitting an Engineering Change Request. No software is part of the design and therefore any requirements specific from IEC 61508 to software and software development do not apply.

The assessment investigated the compliance with IEC 61508 of the processes, procedures and techniques as implemented for product design and development. The investigation was executed using subsets of the IEC 61508 requirements tailored to the SIL 3 work scope of the development team. The defined product lifecycle process was modified as a result of the audit which showed some areas for improvement. The result of the assessment can be summarized by the following observations:

The audited NOV Texas Oil Tools design and development process complies with the relevant managerial requirements of IEC 61508 SIL 3.

5.2.1 Functional Safety Management

The SSR Actuator manufactured by TOT is not built for inventory. These actuators are built-to-order. The basic designs are standardized, but each order can have trim and materials variations or specific customer requested proof tests. Due to the specialized nature of each actuator, documentation that defines all of the requirements is generated for every order as part of the process.

FSM Planning

NOV Texas Oil Tools has a defined process in place for product design and development. Required activities are specified along with review and approval requirements. This is primarily documented in section 7 of their Quality Manual [D3] and in greater detail in procedure D601001419, “Procedure for Control, Verification and Validation” [D27]. Templates and sample documents were reviewed and found to be sufficient. The modification process is described in section 7.3.7 of the Quality Manual and in more specific terms on procedures D601001421 [D29] and D601001423 [D30]. The process and the procedures referenced therein fulfill the requirements of IEC 61508 with respect to functional safety management for a product with simple complexity and well defined safety functionality.



Version Control

Procedure D601001420 [D28] requires that all design documents be under document control. Version control of quality documents is required by Procedure D601001386 [D7]. Use of these procedures to control revisions was evident during the audit.

Training, Competency recording

Section 6.2.2 of the Quality Manual addresses training, competency and awareness. The Human Resource department to maintain training records of education, experience, training and qualifications for all personnel. It is the responsibility of each department manager or supervisor to verify the competency of each employee. Training needs will be noted on the training matrix based upon job description. Managers and Supervisors will be responsible to provide training certificates, training and competency documents to the HR and HSE departments upon completion to be retained in employee file.

The procedures and records were examined and found up-to-date and sufficient. TOT hired exida to be the independent assessor per IEC 61508 and to provide specific IEC 61508 knowledge.

5.2.2 Safety Requirements Specification and Architecture Design

For the Shear Seal Ram Actuator (SSR), the simple primary functionality is the same as the safety functionality of the product. Therefore no special Safety Requirements Specification was needed. The normal functional requirements were sufficient.

General Design and testing methodology is documented and required as part of the design process. This meets SIL 3.

5.2.3 Hardware Design

The design process is documented in Procedure D601001419 [D27]. Items from IEC 61508-2, Table B.2 include observance of guidelines and standards, project management, documentation (design outputs are documented per quality procedures), structured design, modularization, use of well-tried components / materials, and computer-aided design tools. This meets SIL 3.

5.2.4 Validation

Validation Testing is documented in the Manufacturer’s Record Book which is created for each order. The manufacturing record contains all information regarding the manufacturing of the SSR Actuator. This includes certs, documentation and test results. The test plan includes testing per all standard and customer performance requirements. As the Shear Seal Ram Actuator (SSR) are purely mechanical devices with an easily defined safety function, there is no separate integration testing necessary. The SSR Actuator performs a shear and seal Safety Function, which is extensively tested under various conditions during validation testing.

Items from IEC 61508-2, Table B.3 include functional testing, project management, documentation, and black-box testing (for the considered devices this is similar to functional testing). Field experience and statistical testing via regression testing are not applicable. This meets SIL 3.

Items from IEC 61508-2, Table B.5 included functional testing and functional testing under environmental conditions, project management, documentation, failure analysis (analysis on products that failed), expanded functional testing, black-box testing, and fault insertion testing. This meets SIL 3.



5.2.5 Verification

The design certification activities are defined in Section 4.7 of Procedure D601001419 [D27]. Design verification of the SSR Actuator is done using the distortion energy method. The results are documented in the design file for the project. For each design phase the objectives are stated, required input and output documents and review activities. This meets SIL 3.

5.2.6 Proven In Use

The SSR Actuator does not meet the exida criteria for Proven in Use.

5.2.7 Modifications

Modifications are initiated Procedure D601001423 [D30], “Submitting an ECR”. SIL related drawings are identified with a note specifying that any modifications must go through an impact analysis per Procedure D601010470, Impact Analysis [D41]. All changes are first reviewed and analyzed for their impact on the safety function before being approved. If the ECR is Approved, Engineering completes the necessary EN’s and approves the ECR using the Adobe Lifecycle Workspace which will automatically log the ECR in Teamcenter. Modifications are tracked through Teamcenter. Measures to verify and validate the change are developed following the normal design process. This meets SIL 3.

5.2.8 User documentation

NOV Texas Oil Tools creates the following user documentation: product catalogs, a Technical Manual [D51] and a Safety Manual [D48]. The Safety Manual was found to contain all of the required information. The Safety Manual references the FMEDA reports which are available and contain the required failure rates, failure modes, useful life, and suggested proof test information.

Items from IEC 61508-2, Table B.4 include operation and maintenance instructions, user friendliness, maintenance friendliness, project management, documentation, limited operation possibilities (Shear Seal Ram Actuator (SSR) perform well-defined actions) and operation only by skilled operators (operators familiar with type of valve, although this is partly the responsibility of the end-user). This meets SIL 3.

5.3 Hardware Assessment

To evaluate the hardware design of the SSR Actuator Failure Modes, Effects, and Diagnostic

Analysis’s were performed by exida. These are documented in [R1].

A Failure Modes and Effects Analysis (FMEA) is a systematic way to identify and evaluate the effects of different component failure modes, to determine what could eliminate or reduce the chance of failure, and to document the system in consideration. An FMEDA (Failure Mode Effect and Diagnostic Analysis) is an FMEA extension. It combines standard FMEA techniques with extension to identify online diagnostics techniques and the failure modes relevant to safety instrumented system design.

From the FMEDA, failure rates are derived for each important failure category. All failure rate analysis results and useful life limitations are listed in the FMEDA report [R1]. Tables in the FMEDA report list these failure rates for the Shear Seal Ram Actuator (SSR) under its intended application. The failure rates listed are valid for the useful life of the device.

Note, as the Shear Seal Ram Actuator (SSR) are only one part of a (sub)system, the SFF should be calculated for the entire final element combination.



These results must be considered in combination with PFDAVG values of other devices of a Safety Instrumented Function (SIF) in order to determine suitability for a specific Safety Integrity Level (SIL). The architectural constraints requirements of IEC 61508-2, Table 2 also need to be evaluated for each final element application. It is the end users responsibility to confirm this for each particular application and to include all components of the final element in the calculations.

The analysis shows that the design of the Shear Seal Ram Actuator (SSR) can meet the hardware requirements of IEC 61508, SIL 2 depending on the complete final element design. The Hardware Fault Tolerance, PFDAVG, and Safe Failure Fraction requirements of IEC 61508 must be verified for each specific design.



6 Terms and Definitions

Fault tolerance Ability of a functional unit to continue to perform a required function in the presence of faults or errors (IEC 61508-4, 3.6.3)

FIT Failure In Time (1x10-9 failures per hour)

FMEDA Failure Mode Effect and Diagnostic Analysis

HFT Hardware Fault Tolerance

Low demand mode Mode, where the demand interval for operation made on a safety-related system is greater than twice the proof test interval..

PFDAVG Average Probability of Failure on Demand

PVST Partial Valve Stroke Test

It is assumed that the Partial Stroke Testing, when performed, is automatically performed at least an order of magnitude more frequent than the proof test, therefore the test can be assumed an automatic diagnostic. Because of the automatic diagnostic assumption the Partial Valve Stroke Testing also has an impact on the Safe Failure Fraction.

SFF Safe Failure Fraction summarizes the fraction of failures, which lead to a safe state and the fraction of failures which will be detected by diagnostic measures and lead to a defined safety action.

SIF Safety Instrumented Function

SIL Safety Integrity Level

SIS Safety Instrumented System – Implementation of one or more Safety Instrumented Functions. A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).

Type A element “Non-Complex” element (using discrete components); for details see 7.4.4.1.2 of IEC 61508-2

Type B element “Complex” element (using complex components such as micro controllers or programmable logic); for details see 7.4.4.1.3 of IEC 61508-2



7 Status of the Document

7.1 Liability

exida prepares reports based on methods advocated in International standards. exida accepts no liability whatsoever for the use of this report or for the correctness of the standards on which the general calculation methods are based.

7.2 Releases

Version: V1

Revision: R1

Version History: V1,R1: Release to NOV Texas Oil Tools, June 25, 2013

V0, R2: Draft; May 23, 2013, Added document D65

V0, R1: Draft; May 22, 2013

Authors: Steven Close

Review: V0, R2: Griff Francis (exida); June 25, 2013

Release status: Released

7.3 Future Enhancements

At request of client.

7.4 Release Signatures

Steven F. Close, Senior Safety Engineer

Griff Francis, Senior Safety Engineer