Thursday, 5 January 2017

Users always face a dilemma as to whether it is mandatory to use a third-party certified tool when configuring a safety instrumented system (SIS). Current experience suggests there are increasing market demands for such 'certified tools' in order to configure the devices that form part of a SIS.

Certification in this context refers to the level of confidence attributed to the development process of the tool. These levels can typically be categorized as:

  • 1st party certification - here, the manufacturer self-declares and provides the justification as to why they believe their tool satisfies the requirements of the standard, based on their understanding and interpretation of the standard.
  • 2nd party certification - this occurs when the self-declaration and justification are reviewed by another organisation (or maybe an association to which the manufacturing organisation belongs) whose reviewing process is internal and not verified by an independent authority.
  • 3rd party certification - if the declaration and justification are reviewed by an independent organisation, whose process of assessment is further reviewed by an independent authority (usually a notified body), then this forms part of 3rd party accredited certification. This is the highest level of certification, where the level of confidence in the assessment of the tool is also very high.

The functional safety standards require relevant justification regarding the reduction and/or prevention of errors that may be seeded into the tool, and which can later cause failure of the SIS when this tool is used for configuring a SIS device.

These are identified as 'systematic errors' that get embedded within the tool and thereby are transferred to the SIS during configuration. The standards, however, do not mandate using such a 'certified tool' for SIS configuration.

Additional ambiguity with the above approach arises from how to comply with the requirement for providing relevant 'justification'. However, here the safety standards do provide sufficient mechanisms for how to go about demonstrating such justification.

They state that any tool used for configuration of SIS devices shall be classified as a 'T' rated tool and form part of either a T1, T2 or T3 classification.

This classification would require documented evidence that the tool's design, development, testing and implementation have been carried out in accordance with the relevant clauses of IEC 61508 Ed 2 2010: Part 3.

The justification provided will demonstrate that there are either reduced or no systematic errors introduced when the tool generates the outputs by processing its inputs. With a sufficient level of rigour applied using the techniques and measures provided by the functional safety standards, a maximum systematic safety integrity claim of SIL 3 can be achieved and/or declared for such a tool.

In this case, the user of the tool will need to understand two additional requirements for successful implementation. Firstly, any tool will need to be classed as a 'T-rated' tool. Secondly, this declaration of justification shall be provided by the tool developer, either as a self-declaration through verification and validation performed by the internal team, or as a certification from a second or third party organisation as detailed earlier.

To summarize then, the underlying fact is that, in order to comply with the safety standards, any tool that is used to configure a SIS shall be classified as a 'T rated' tool and shall be declared through a first, second or third party certification in order to adhere to good engineering practice. 

The takeaway question:
Are you or your partners using such tools in your SIS design and engineering activities and are they suitably 'T rated' in accordance with the safety standards? If you want to find out more, contact us or post a comment.

