
Must Devices Be Certified for Use in Safety Instrumented Systems?


The simple answer is “no,” but people keep asking for them anyway. Why is this? There are several reasons.

It is a requirement of the standard (ISA 84 / IEC 61511) to verify the performance of a safety instrumented function with a calculation. Such calculations require failure rate data. There are many different sources of failure rate data, some better than others.

The potentially best source of failure rate data is end user maintenance records. Such information is vendor, application, and maintenance practice specific. Unfortunately, many end users admit their maintenance records are incomplete and do not provide useful data.

Devices that go through certification against IEC 61508 have a failure mode, effects, and diagnostic analysis performed. One of the outputs of such a study is failure rate data. However, this failure rate data does not always compare well with published maintenance record data, and may not include all failures that are typically considered in maintenance records (e.g., plugged impulse line, temperature extremes, shock and vibration, corrosion, etc.).

Some published failure rates on some certificates are unreasonably optimistic, and some are based on cycle testing (e.g., cycling a solenoid 12 million times). Failure rates based on cycle testing are only appropriate for high demand (machinery) applications, not low demand process industry applications. Unfortunately, many do not seem to read the fine print of the certificates to realize – or even understand – the differences.

The other option besides using certified devices is to justify the use of standard devices based on “prior-use”. Simply stating “we've been using this device for the last 15 years” is not enough to meet the requirements of prior-use. Prior use requires documented, defensible, and statistically significant failure rate data to show that the devices will meet the required level of performance.

Once again, many end users admit they do not have the documented evidence to fully justify the prior-use criteria. However, the lack of current data should not prevent users from starting to track such data, for it has always been a requirement of the standard to do so, and there are software packages to help make this easier.
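To make the prior-use point concrete, the following added example (not part of the original article) turns tracked field records into an upper confidence bound on the dangerous undetected failure rate and feeds it into a verification calculation. It assumes a constant failure rate, a single device (1oo1) with the simplified equation PFDavg = λDU × TI / 2, a 70% one-sided confidence level, and a one-year proof test interval; all input figures are constructed.

```python
import math

def poisson_cdf(n, mu):
    """P(X <= n) for X ~ Poisson(mu)."""
    term = total = math.exp(-mu)
    for k in range(1, n + 1):
        term *= mu / k
        total += term
    return total

def lambda_upper(failures, device_hours, confidence=0.70):
    """One-sided upper confidence bound on a constant failure rate (per hour).

    Solves P(X <= failures | mu) = 1 - confidence for mu by bisection,
    then divides by the accumulated device-hours.
    """
    if failures < 0 or device_hours <= 0 or not 0 < confidence < 1:
        raise ValueError("need failures >= 0, device_hours > 0, 0 < confidence < 1")
    target, lo, hi = 1 - confidence, 0.0, 1.0
    while poisson_cdf(failures, hi) > target:   # widen until the root is bracketed
        hi *= 2
    for _ in range(200):
        mid = (lo + hi) / 2
        if poisson_cdf(failures, mid) > target:
            lo = mid
        else:
            hi = mid
    return hi / device_hours

def pfd_avg_1oo1(lambda_du, test_interval_h):
    """Simplified average probability of failure on demand, single device."""
    return lambda_du * test_interval_h / 2

def pfd_band(pfd):
    """Low-demand SIL band the PFDavg falls in (0 = does not reach SIL 1)."""
    for upper, sil in ((1e-4, 4), (1e-3, 3), (1e-2, 2), (1e-1, 1)):
        if pfd < upper:
            return sil
    return 0

if __name__ == "__main__":
    YEAR_H = 8760
    cases = {  # constructed sample data, not from any real device or certificate
        "one device, 15 years, 0 failures": lambda_upper(0, 15 * YEAR_H),
        "40 devices, 15 years, 2 failures": lambda_upper(2, 40 * 15 * YEAR_H),
        "hypothetical certificate value": 5e-8,
    }
    for name, lam in cases.items():
        pfd = pfd_avg_1oo1(lam, YEAR_H)
        print(f"{name}: lambda_DU={lam:.2e}/h PFDavg={pfd:.2e} band=SIL {pfd_band(pfd)}")
```

Under these assumptions, one device with 15 failure-free years supports only a PFDavg in the SIL 1 band, while the larger documented population supports the SIL 2 band; the band is the PFDavg result only and does not address the other requirements of the standard.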

Certified devices have gone through an independent review against the requirements of IEC 61508. It shows that the device manufacturer has specified, developed, manufactured, managed and maintained the device (and software) according to stringent internationally accepted requirements. This is certainly a good thing, but this alone is not enough for the user to claim compliance with their implementation standard.

So, the use of certified devices means users do not have to go through prior-use justification, and they do not need their own failure rate data to perform the calculations. However, just because a device is certified does not mean it will work in your particular application, nor does it mean the failure rate data is appropriate. The use of certified devices does not absolve the designer from meeting all the other requirements in their implementation standard. Designers must be competent and qualified enough to realize whether the device is suitable, and whether the published failure rates are reasonable.

Paul Gruhn
Global Process Safety Consultant, Rockwell Automation