TRANSCRIPT
The Interface Solution Experts, www.miinet.com
1 Lloyds Court, Manor Royal, Crawley, West Sussex, RH10 9QU, United Kingdom
Tel: 01293 514488 Fax: 01293 536852
FISA 2003 - Workshop 4
13th November
Component Manufacturer View Point
Moore Industries
Rob Stockham
Moore Industries
• Manufacturer of Process Interface Components and Systems
• Trip Amplifiers
• Temperature Transmitters
• Signal Isolators
• Data Communications and Intelligent I/O
• Plus much more
Typical Customers In The Nuclear Industry
(non safety related applications)
• British Energy
• BNFL
• UKAE
• AWE
• Electrabell Doel (Belgium)
• Garona (Spain)
• Bruce Power (Canada)
Typical Safety Related Loop
[Diagram: Sensor → Logic Solver → Actuator. The Safety Integrity Level (SIL) requirement is defined for the whole loop; each of the three components carries its own Component Safety Data (PFD, SFF, etc., PIU and Software). Surrounding factors shown: Environment; Calibration and Maintenance Procedures; Application - Duty.]
Selection and Justification of Instruments ???
PIU: Proven in Use
PFD: Probability of Failure on Demand
SFF: Safe Failure Fraction
How Should The Component Be Selected
Basis for selection
Selection follows a comprehensive Risk Assessment and Assignment of Safety Integrity Level (SIL) for the whole safety instrumented loop
Component selected to meet Safety Integrity Level (SIL) requirement
Typically SIL 1, 2 or 3 (SIL 4 being the highest)
Certification: ‘Suitable for SIL 3’
Alternatively: ‘Proven in Use Claim’ OR ‘Manufacturer Claim’ OR ‘Third Party EXPERT Opinion’
But what does this mean? Can this be justified?
Third Party Certification
Often a ‘Wall’ where the basis of the certificate is not clear?
Rob Stockham:
1/ User with SIS
2/ Need ?
3/ Manuf with Comp
4/ Need ?
5/ Cert comp
6/ Info
7/ Money 2x arrow
8/ Certificate
9/ Wall ?
9/ Wall comment
10/ Cert comp - are they competent
11/ Accreditation comp comments
12/ ‘Certified’ Manuf Man
National Accreditation body audits and ‘Accredits’ the certification company
‘Expert Company’ providing certified opinion
Functional Safety Management in place, audited and certified by ‘Accredited Certification Company’
High confidence that the Manufacturer is competent, experienced and has all the required procedures, tools, techniques and processes in place for the complete safety life cycle of the component
Justification for Use
Component Selected
Generic Data Bases can be used for ‘bench marking’ the safety and reliability data of components
Rob Stockham:
MARK to add some wise words, here or on dedicated slide
A More Robust Approach
Justification based on considering a wider source of information and approaches:
• Proven in Use Data - if comprehensively documented and relevant to the application
• Third Party Certification - is the ‘certifier’ experienced and competent, with open and audited certification procedures? (They should be ‘Accredited’ by a National Body - UKAS in the United Kingdom.)
• Functional Safety Management must be in place at the manufacturer (i.e. IEC 61508 - Part 1)
• FMEDA - a comprehensive ‘Failure Modes Effects and Diagnostic Analysis’ of the hardware will have been undertaken; this is part of the hardware realisation procedures (i.e. IEC 61508 - Part 2)
• Review of Software and Firmware - analysis of definition, integrity, code analysis, etc. Has the software been developed to a recognised standard (i.e. IEC 61508 - Part 3)?
• Target SIL level achieved? Do the procedures in place for Functional Safety Management, Hardware Realisation and Software meet the requirements for the target SIL level under IEC 61508, plus any industry and application specific requirements (such as the British Energy Programmable Electronic System (PES) Guidelines)?
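As an added worked example (not from the slides and not a Moore Industries tool), the Python below shows how the FMEDA failure-rate categories produce the SFF and PFD figures referred to above and how a target SIL is then checked against both limits. The transmitter's failure rates and the one-year proof-test interval are constructed values; the SIL bands are those of IEC 61508-1/-2 for a single-channel (1oo1), low-demand component.

```python
# Added illustration, not from the Moore Industries slides: FMEDA failure-rate split
# (lambda_SD, lambda_SU, lambda_DD, lambda_DU) -> SFF and PFDavg -> claimable SIL.
# Failure rates are constructed sample values in FIT (failures per 1e9 hours).
from dataclasses import dataclass

@dataclass
class Fmeda:
    name: str
    lam_sd: float   # safe, detected by diagnostics
    lam_su: float   # safe, undetected
    lam_dd: float   # dangerous, detected by diagnostics
    lam_du: float   # dangerous, undetected (the only term that degrades PFD)
    type_b: bool    # IEC 61508-2 Type B (complex, e.g. microprocessor-based) if True

    def sff(self) -> float:
        # Safe Failure Fraction = (lambda_S + lambda_DD) / lambda_total
        total = self.lam_sd + self.lam_su + self.lam_dd + self.lam_du
        return (self.lam_sd + self.lam_su + self.lam_dd) / total

    def pfd_avg(self, proof_test_hours: float) -> float:
        # 1oo1, low-demand simplification: PFDavg ~= lambda_DU * T1 / 2
        return self.lam_du * 1e-9 * proof_test_hours / 2.0

def sil_from_pfd(pfd: float) -> int:
    # IEC 61508-1 low-demand bands: SIL n requires 10^-(n+1) <= PFDavg < 10^-n
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0   # worse than SIL 1

def sil_from_architecture(sff: float, type_b: bool) -> int:
    # IEC 61508-2 architectural constraint, hardware fault tolerance 0 (single channel).
    # Type A: <60% SIL1, 60-90% SIL2, 90-99% SIL3, >=99% SIL3.
    # Type B: <60% not allowed, 60-90% SIL1, 90-99% SIL2, >=99% SIL3.
    if sff >= 0.99: return 3
    if sff >= 0.90: return 2 if type_b else 3
    if sff >= 0.60: return 1 if type_b else 2
    return 0 if type_b else 1

def claimable_sil(comp: Fmeda, proof_test_hours: float) -> int:
    # The weaker of the two limits is what the component can support in a 1oo1 loop.
    return min(sil_from_pfd(comp.pfd_avg(proof_test_hours)),
               sil_from_architecture(comp.sff(), comp.type_b))

# Constructed example: a microprocessor-based (Type B) transmitter, annual proof test.
TRANSMITTER = Fmeda("temperature transmitter", lam_sd=0, lam_su=200, lam_dd=300, lam_du=50, type_b=True)

if __name__ == "__main__":
    print(f"SFF={TRANSMITTER.sff():.1%} PFDavg={TRANSMITTER.pfd_avg(8760):.2e} "
          f"claimable SIL={claimable_sil(TRANSMITTER, 8760)}")
```

For the constructed transmitter the PFDavg alone would support SIL 3, but the 90.9% SFF of a Type B device limits a single-channel claim to SIL 2, which is exactly why the slides ask for the FMEDA rather than a bare ‘Suitable for SIL 3’ label.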
Claims And Justification
[Diagram: the Component starts as a ‘Black Box’ Claim, with no real information on how it works or what’s inside. Specification (how it works, how the software is written, how it performs: accuracy, EMI/RFI, temperature effects, etc.), Evidence, Justification (analysis, tests, explanation, documentation) and Third Party Review move it from Black to Grey towards White. More Information and Evidence; Specification challenged.]
Implications To Manufacturer
• Issues of Technical & Commercial sensitivity
• Resource and cost implications
• Requires commitment
• Additional Personnel, tools, techniques, procedures and third party involvement for review and certification
• Matching Commitment and involvement by user
Rob Stockham:
Mark - Comments
I can use please!
Issues On Software And Firmware
• Development under IEC 61508 will also ensure that issues of competency, tools, techniques, and configuration and change management will all be implemented
• Is the manufacturer in control of all parts of the software development? What are the implications of embedded ‘COTS’ modules and ‘SOUP’ within the software?
• Has any ‘competent’ third party reviewed the software development, together with code analysis, and what are the findings?
• Has the software been developed to a standard (IEC 61508 - Part 3)? This will provide rigorous and documented procedures for definition, specification, safety requirements, function, performance, testing, validation and verification, etc.
• How complex is the software? IEC 61511 Clause 3.2.81 defines 3 levels of software: FPL - Fixed Programming Language (Trip Amplifier, Transmitter); LVL - Limited Variability Language (typical of a PLC); FVL - Full Variability Language (C++, Java, etc.)
• Existing products - is ‘Proven in Use’ claimed for the software, and can it be justified? How long in manufacture, how many units sold, application profiles, how was the software written, software failure and ‘bug’ fix documentation?
Rob Stockham:
Copy of FSCA in box
How Has Moore Industries Dealt With Some Of The Issues?
• Achieved Accredited Certification by SIRA for our product development processes to IEC 61508 Part 1 and Part 2, under the CASS scheme for Functional Safety Capability Assessment
• Investment in tools, training and resources to undertake FMEDA work on our products
• Working with our customers on real safety related applications to provide practical solutions
• Involvement with IEC 61508 and IEC 61511 seminars, conferences and committees to increase our understanding of what is required
• Over 35 years experience in ‘high reliability’ instrumentation has built a robust basis for the requirements of safety related instrumentation
Ideal For The ‘White Box’
• The manufacturer has to have ‘core competency’ in safety related components, together with having in place safety management procedures and hardware and software development procedures to IEC 61508, audited to an accredited scheme.
• The user and the manufacturer need to come together at an early stage to define requirements and participate in the product development process.
• Open communication and understanding of the development of the project, to minimise uncertainties in hardware, software, testing and implementation.
• Complete involvement by the manufacturer in the life cycle of the component with the user, with feedback on performance and failures going back into the development and life cycle process.
• This degree of commitment and involvement will present a challenge to all manufacturers, but especially those who may be involved in general commercial instrumentation.
Summary
• The user should consider the most comprehensive and robust justification and not rely on ‘one’ element to substantiate their case.
• Consider the whole application and life cycle for the requirement.
• Consider the competency and experience of the potential manufacturer (do they understand the particular and CHALLENGING requirements of the nuclear industry?).
• Get involved with the potential manufacturer at an early stage.
• If required, develop ‘partnering’ arrangements to develop specific components or solutions to application requirements.
THANK YOU