
exida

A Different Certification Scheme


exida
Sellersville, PA USA

By: Ted Stewart

Ted Stewart
Program Development & Compliance Manager

Ted Stewart manages exida's OEM product certification, assists the End User business, manages the CFSE program, and is the deputy quality manager. His areas of expertise include safety and high availability automation systems, manufacturing, and lean process improvement.

Copyright exida.com LLC 2000-2015

exida Worldwide Locations

exida Mexico

exida Asia Pacific

exida South Africa

Main Offices
Regional Offices

Main Product / Service Categories

Consulting: Process Safety (IEC 61511, IEC 62061, ISO 26262); Alarm Management; Control System Security (ISA S99)
Engineering Tools: exSILentia (PHA, SIL Selection, LOPA, SRS, SIL Verification); Safety Case; FMEDA; Alarm Rationalization
Product Certification: Functional Safety (IEC 61508); Control System CyberSecurity; Network Robustness (Achilles)
Training: Process Safety; Control System Security; Onsite; Offsite; Security Development; Alarm Management
Reference Materials: Databases; Tutorials; Textbooks; Reference Books; Market Studies
Professional Certification: CFSE; CFSP; Industrial Control System Security Expert (ICSSE)

Processes - Products - People

What is Certification?
Systems, Products, Components, and
Personnel are getting certified.
Certification is a Third Party
Assessment done against a set of
requirements based primarily on
international standards.
Functional Safety Certification
involves a detailed analysis of both
the engineering process and design
margins resulting in random failure
rate in all failure modes.
Cybersecurity Certification involves a
detailed analysis of the engineering
process, cyber defense mechanisms,
and network robustness.


Who does Certification?


Certification Programs
have been established
by private companies
and governmental
bodies around the
world. All organizations
who perform
certifications should be
accredited for their field
of work.

Accreditation
An Accreditation Body
(AB) will audit and
accredit a Certification
Body (CB).
Certification Bodies must
operate any product
certification program
under
ISO/IEC 17025 and
EN45011 (IEC 65) / ISO
17065 requirements.

International Recognition
exida is fully accredited per ANSI, the United States IEC liaison, as a Certification Body for Cybersecurity and Functional Safety.

ANSI is a member of the International Accreditation Forum (IAF). Most countries in the world are signatories of the IAF Multilateral Recognition Arrangement (MLA) which assures global certificate acceptance.

Accreditation Confirmation
A Certification Body will
show the Accreditation
Body (AB) logo on the
certificate for all work
done under the
accredited procedures.


House Certificate
When product
certifications are
done without
accreditation, even
by a company that
has accreditation,
this is called a
House Certificate.
There is no AB
logo.

Legacy Documents

Agencies that have been around for a long period of time have an advantage whether or not the agency is accredited by an AB.

Certification Scheme

A Scheme is established which lists required standards as well as any additional requirements beyond those stated in the standards.
In some cases, the Scheme is created by a
committee. In some cases, the Scheme is
established by the Certification Body (CB).
An Advisory Board must be established to
provide input on the CB certification scheme.


exida Advisory Board


exida strives to operate the
most useful and relevant
product certification program in
the world.
Therefore exida has established
an Advisory Board to
recommend and review
enhancements to the Scheme,
identify problems, establish policy,
and resolve complaints.


exida Advisory Board

Invista
Air Products
CH2M HILL
GE
Conoco Phillips
Dupont
Dow
BP
Syngenta
DSM
PetroSA
Tebodin
Chevron

The exida Scheme


exida has established a Scheme with added requirements
beyond the IEC 61508 family of standards based on
Advisory Board recommendations:

FMEDA Analysis - accurate failure mode data based on over 150 billion unit operating hours of field failure data.

Publish failure rates, not just PFDavg

Analysis / publication of false trip data

Maintainability

Design complexity

Cybersecurity audit

Practical proof test is required

Surveillance audits - expiration dates


Why is the exida Scheme better?


Owner-Operator Benefit Comparison

exida: Tougher Scheme - User generated requirements
Conventional Certification Body: Standards based requirements

exida: Complete Assessment - Safety Case

exida: Accredited Certification Body
Conventional Certification Body: "House" Certificates from some CBs

exida: Relevant Assessment - Technical Expertise

exida: Realistic Failure Rate Predictions - All Failure Modes
Conventional Certification Body: Have used Manufacturer Warranty Data for PFD, Have used "Cycle Test" results for Failure Rate Predictions

exida: Requires Published False Trip Failure Rates
Conventional Certification Body: Typically publishes a PFD number, no false trip data

exida: Requires Proof Test Procedures with Effectiveness Prediction

exida: Cybersecurity Analysis

exida: Surveillance Audits to ensure continued safety


Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Tougher Scheme - User generated
requirements

Conventional Certification Body


Standards based requirements

The additional requirements added to the exida Scheme go beyond IEC 61508. These requirements were added to meet Owner-Operator needs by the exida Advisory Board.
Manufacturers and Equipment Suppliers must provide more data and more analysis must be done. However, the result of this work is better information for those choosing equipment and designing bespoke Safety Instrumented Systems.
exida updates the Scheme requirements approximately once per year, keeping far more current than typical Schemes and standards.

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Complete Assessment - Safety Case

Conventional Certification Body

exida has always used the Safety Case approach to assessment to ensure a complete evaluation of all requirements in any scheme.
exida requires that the Assessment Report be publicly available, published on the exida website.
http://www.exida.com/SAEL

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Accredited Certification Body

Conventional Certification Body


"House" Certificates from some CBs

No AB Logo

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Relevant Assessment - Technical
Expertise

Conventional Certification Body

"We previously used (a conventional German CB). They seemed to be asking the wrong questions during an audit. The focus seemed to be on bureaucracy. exida went deep into the fundamental safety concept issues." - VP Engineering, West Coast US Product Manufacturer
exida has an experienced team of mechanical, electronic, and software
development engineers. These are people who have been living in the
product development world. They understand the key issues.
http://www.exida.com/Company/Team

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Relevant Assessment - Technical
Expertise

Conventional Certification Body

exida has many key personnel actively working on the IEC Functional Safety / Automation Cybersecurity technical committees, more than any other Certification Body.
exida teaches courses on cybersecurity, functional safety and alarm
management on average once a week globally.
http://www.exida.com/Training
exida personnel have published more technical papers and research results
(over 600) than any Certification Body in the world.

"I learned more from an exida two hour tutorial on IEC 61508 than I learned from several days of meetings with (a conventional CB)." - Engineering Manager, Midwest US Product Manufacturer

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Realistic Failure Rate Predictions - All
Failure Modes

Conventional Certification Body


Have used Manufacturer Warranty Data
for PFD, Have used "Cycle Test" results
for Failure Rate Predictions

[Diagram labels: Component Database; Product; Components; Failure Mode Distribution; FMEDA; Product Failure Modes; Diagnostic Coverage]

exida uses the FMEDA technique it has developed over the last 20 years of field failure research. This design analysis method predicts failure rates for all failure modes, automatic diagnostic coverage, useful life, and proof test coverage for each design variation and application.


Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Realistic Failure Rate Predictions - All
Failure Modes
The exida FMEDA Component
Database is based on over 150
billion hours of field failure data
from the process industries.
Comparisons with site field
failure data have shown the
exida FMEDA predictive
technique is accurate or slightly
pessimistic.*

Conventional Certification Body


Have used Manufacturer Warranty Data
for PFD, Have used "Cycle Test" results
for Failure Rate Predictions

[Chart: Solenoid Valve Total Failure Rate; vertical axis from 0.00E+00 to 1.00E-06. Series labels: exida FMEDA Spool Solenoid 1, 2 and 3; exida FMEDA Poppet Solenoid 1 and 2; exida FMEDA Average; DOW Field Data; Manufacturer Warranty Data; TÜV Certificate Data]

* Combining field failure data with new instrument design margins to predict failure rates for SIS Verification, Iwan van Beurden, Dr. William M. Goble, exida, Oct. 2014

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Requires Published False Trip Failure
Rates

Conventional Certification Body


Typically publishes a PFD number, no
false trip data
"False trip rate is an essential design parameter for our SIS designs. How can I do this without the data? Only exida certifications provide that." - Control Engineer, US Chemical Industry

exida predicted failure data is provided for different applications of each product.

Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Requires Proof Test Procedures with
Effectiveness Prediction

Conventional Certification Body


No requirement

exida works with manufacturers to create practical proof test procedures. The FMEDA analysis is then used to predict the effectiveness of each different proposed proof test. The results are published in FMEDA reports and typically included in the exSILentia Safety Lifecycle Tool.


Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Cybersecurity Analysis

Conventional Certification Body


No requirement

If applicable, exida includes a cybersecurity threat analysis with functional safety certifications. exida is one of the few CBs accredited to certify industrial automation products to cybersecurity standards. exida also has additional Automation Cybersecurity Schemes for personnel, product, and system certification.


Why is the exida Scheme better?


Owner-Operator Benefit Comparison
exida
Surveillance Audits to ensure continued
safety

Conventional Certification Body


No requirement

The exida Scheme requires periodic Surveillance Audits. The expiration date on each exida certificate shows when the next audit is due. At each Surveillance, exida asks questions to find out: Does the device still meet functional safety and cybersecurity requirements?

"We switched from (a conventional German CB) to exida because of the exida surveillance policy. With our former CB, every change had to be preapproved before release to the market. Some change approvals have taken several months. The last thing we need is to hold up an important change waiting in the work / vacation queue of the CB. exida's surveillance policy allows changes that follow our approved change process to be released to production immediately. Our customers get better product. exida audits changes every Surveillance audit." - Engineering Manager, US West Coast Manufacturer.

List of Certified Equipment


We use the SAEL as our primary equipment selection source.
The most comprehensive safety equipment list on the internet.

www.sael-online.com


How is the exida Scheme working


All of the questions in this webinar will be answered via email and given to ALL participants. We feel this topic is very important and want to make sure your questions are answered and easily stored.
Contact information: tstewart@exida.com
