Must Devices Be Certified for Use in Safety Instrumented Systems?


The simple answer is “no,” but people keep asking for certified devices anyway. Why is this? There are several reasons.

It is a requirement of the standard (ISA 84 / IEC 61511) to verify the performance of a safety instrumented function with a calculation. Such calculations require failure rate data. There are many different sources of failure rate data, some better than others.

Potentially the best source of failure rate data is end user maintenance records. Such information is vendor, application, and maintenance practice specific. Unfortunately, many end users admit their maintenance records are incomplete and do not provide useful data.

Devices that go through certification against IEC 61508 have a failure mode, effects, and diagnostic analysis performed. One of the outputs of such a study is failure rate data. However, this failure rate data does not always compare well with published maintenance record data, and may not include all failures that are typically considered in maintenance records (e.g., plugged impulse line, temperature extremes, shock and vibration, corrosion).

Some published failure rates on some certificates are unreasonably optimistic, and some are based on cycle testing (e.g., cycling a solenoid 12 million times). Failure rates based on cycle testing are only appropriate for high demand (machinery) applications, not low demand process industry applications. Unfortunately, many do not seem to read the fine print of the certificates to realize – or even understand – the differences.

The other option besides using certified devices is to justify the use of standard devices based on “prior-use”. Simply stating “we’ve been using this device for the last 15 years” is not enough to meet the requirements of prior-use. Prior use requires documented, defensible, and statistically significant failure rate data to show that the devices will meet the required level of performance.

Once again, many end users admit they do not have the documented evidence to fully justify the prior-use criteria. However, the lack of current data should not prevent users from starting to track such data, for it has always been a requirement of the standard to do so, and there are software packages to help make this easier.
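To show why "we've been using this device for the last 15 years" falls short of statistically significant data, the following added example (not part of the original post) computes an upper confidence bound on the failure rate from field records and checks it against a target PFDavg. Assumptions not taken from the post: a constant failure rate, the simplified single-device formula PFDavg ≈ λ·TI/2, a 70% one-sided confidence level, an annual proof test, and constructed fleet sizes.

```python
import math

HOURS_PER_YEAR = 8760

def poisson_cdf(n, mu):
    """P(N <= n) for N ~ Poisson(mu)."""
    term = total = math.exp(-mu)
    for k in range(1, n + 1):
        term *= mu / k
        total += term
    return total

def upper_failure_rate(failures, device_hours, confidence=0.70):
    """One-sided upper confidence bound on a constant failure rate, per hour.

    Finds the rate at which seeing `failures` or fewer events in `device_hours`
    has probability 1 - confidence (same result as the chi-square bound with
    2n + 2 degrees of freedom).
    """
    lo, hi = 0.0, (failures + 50.0) / device_hours
    for _ in range(200):
        mid = (lo + hi) / 2
        if poisson_cdf(failures, mid * device_hours) > 1 - confidence:
            lo = mid  # record is still too likely at this rate: bound is higher
        else:
            hi = mid
    return hi

def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Simplified average probability of failure on demand, single device."""
    return lambda_du * proof_test_interval_h / 2

def prior_use_supports(failures, devices, years, target_pfd,
                       proof_test_interval_h=HOURS_PER_YEAR, confidence=0.70):
    """True if the field record supports target_pfd at the given confidence."""
    hours = devices * years * HOURS_PER_YEAR
    bound = upper_failure_rate(failures, hours, confidence)
    return pfd_avg_1oo1(bound, proof_test_interval_h) <= target_pfd

if __name__ == "__main__":
    # Constructed records: zero dangerous undetected failures over 15 years.
    for devices in (1, 20):
        lam = upper_failure_rate(0, devices * 15 * HOURS_PER_YEAR)
        pfd = pfd_avg_1oo1(lam, HOURS_PER_YEAR)
        print(f"{devices:>2} device(s): lambda <= {lam:.2e}/h, PFDavg <= {pfd:.1e}")
```

With these constructed numbers, one device with a clean 15-year record cannot support a PFDavg of 0.01, while twenty such devices can; the amount of documented operating time, not the calendar age of the installation, drives the result.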

Certified devices have gone through an independent review against the requirements of IEC 61508. Certification shows that the device manufacturer has specified, developed, manufactured, managed and maintained the device (and software) according to stringent internationally accepted requirements. This is certainly a good thing, but this alone is not enough for the user to claim compliance with their implementation standard.

So, the use of certified devices means users do not have to go through prior-use justification, and they do not need their own failure rate data to perform the calculations. However, just because a device is certified does not mean it will work in your particular application, nor does it mean the failure rate data is appropriate. The use of certified devices does not absolve the designer from meeting all the other requirements in their implementation standard. Designers must be competent and qualified enough to realize whether the device is suitable, and whether the published failure rates are reasonable.

Posted July 20, 2015 By Paul Gruhn, Global Process Safety Consultant, Rockwell Automation