Very brief introduction to the IEC 61511

1. Copyright exida Asia Pacific © 2013
Singapore +65 6222 5160
Shanghai +86 21 5171 7250
Hong Kong +852 2633 7727
Germany +49 89 4900 0547
USA +1 215 453 1720
Switzerland +41 22 364 14 34
Canada +1 403 475 1943
United Kingdom +44 2476 456 195
Netherlands +31 318 414 505
Australia / NZL +64 3 472 7707
Mexico +52 55 5611 9858
South Africa +27 31 267 1564
Exida Contacts
Functional Safety - IEC 61511 Introduction
New Plymouth, 11 April 2013
Koen Leekens
+65 977 9547

2. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Today’s Objective
Introduce the Concept and Basic Principles of IEC 61511

3. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Safety is Only as Strong as its Weakest Link
exida

4. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida History
Founded in 1999 by experts from Manufacturers, End Users,
Engineering Companies and TÜV Product Services
“Independent provider of Tools, Services and Training
supporting Customers with Compliance and Certification to
any Standards for Functional Safety, Cyber Security and Alarm
Management”
Rainer Faller
Former Head of TÜV Product Services
Chairman German IEC 61508
Global Intervener ISO 26262 / IEC 61508
Author of several Safety Books
Author of IEC 61508 parts
Dr. William Goble
Former Director Moore Industries
Developed FMEDA Technique (PhD)
Author of several Safety Books
Author of several Reliability Books

5. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What we do
EXPERTISE SCOPE
Tools
Training
Consultancy
Certification
INDUSTRIES
Process
Energy
Machine
Automotive
End Users
Manufacturer
Engineering
Integrators
CUSTOMERS
Functional
Safety
Alarm
Management
Cyber
Security
Reliability

6. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida Tools – Process Industry

7. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida Services and Training – Process Industry
Functional Safety Management Set-up
Functional Safety Assessment
PHA
SIL Determination
SRS Development
SIL Verification
Alarm Philosophy – Rationalization
Cyber Security Assessments
Training Programs

8. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Global Functional Safety Certification Consultant
3rd Party Accredited Certification Body
Developer FMEDA Technique
Mechanical Failure Database
Electrical & Electronic Failure Database
Instrument & Equipment Failure Database
Development Field Failure Database Methodology
Global Active Participation in IEC – ISO Workgroups
Functional Safety Engineering Tools
exida Industry Contributions

9. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida Library
exida publishes analysis
techniques for functional
safety
exida authors ISA
best- sellers for automation
safety and reliability
exida authors
industry data
handbook on
equipment failure
data
www.exida.com

10. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida Customers (extract from 2000+)

11. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Functional Safety:

12. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What do accidents teach us?
Buncefield 2005
Bhopal 1984 Flixborough1974
Seveso 1976

13. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Primary Cause of Failures?
Specification
Changes after
Commission
Operation and
Maintenance
Design and
Implementation
Installation and
Commission

14. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Primary Cause of Failures?
Specification
Changes after
Commission
Operation and
Maintenance
Design and
Implementation
Installation and
Commission
Source Health, Safety & Environmental Agency
The majority of accidents are:
… Preventable if a systematic
Risk-Based Approach is adopted…
More than
80% of Failures
Before Startup

15. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Device Manufacturers - Sector Specific Not Available
Which Standard?
IEC 61513
Nuclear
IEC 61511
Process Industry
IEC 61508
Functional Safety for E/E/PES Safety Related Systems
ISO 26262
Road Vehicles
End Users - Systems Integrators
IEC 62061
Machinery

16. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Relationship IEC 61508 – IEC 61511
Manufacturers and Suppliers of
Devices
IEC 61508
Safety Instrumented System
designers, Integrators and users
IEC 61511
Process Sector Safety Instrumented System Standards

17. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
RANDOM
Failures
IEC 61511 – Protection Against:
SYSTEMATIC
Failures
Random Failures? Systematic Failures?

18. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Random Failures: “Usually a permanent failure due to a
system component loss of functionality – hardware related
What are…?

19. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Systematic Failures: “Usually due to a design fault, wrong
specification,not fit for purpose , error in software program,
...
What are…?

20. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Question?
Is Redundancy sufficient protection against SYSTEMATIC
FAILURES?

21. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
RANDOM
Failures
IEC 61508 – Protect Against:
SYSTEMATIC
Failures
HOW? HOW?

22. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
RANDOM
Failures
IEC 61508 – Protect Against:
SYSTEMATIC
Failures
Probabilistic
Performance Based
Design
HOW?

23. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
PROBABILISTIC BASED DESIGN

24. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
RANDOM
Failures
IEC 61508 – Protect Against:
SYSTEMATIC
Failures
Probabilistic
Performance Based
Design
HOW?

25. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
RANDOM
Failures
IEC 61508 – Protect Against:
SYSTEMATIC
Failures
Probabilistic
Performance Based
Design
Detailed Engineering
Process

26. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Key Aspects of IEC 61508/61511
Safety Integrity Levels (SIL)
– Reliable Hardware with predictable failure rates to
protect against Random Failures (Physical)
Safety Lifecycle
– Safety Management with controlled and systematic
processes to protect against Systematic Failures (Design)

27. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle

28. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Management and
Planning
Analysis Phase
Realization Phase
Operate and Maintain

29. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Management and
Planning

30. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Industry Competency Program
www.cfse.org

31. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Analysis Phase

32. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
SRS Always Required?
Do I Need
A SIS in
My Plant?

33. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
IEC 61511/61508 are Risk Based
“Is it worth going for the Cheese?”

34. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Risk: Consequence x Likelihood.
Accounts for both the consequense and the likelihood portion
of the risk

35. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Analyze Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Risk Analysis
(defined by Customer per application)
High
Low

36. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Analyze Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Risk Analysis
(defined by Customer per application)
Define Tolerable
Risk
High
Low

37. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Tolerable Risk: The level of risk that society will accept
– Who is being exposed to risk?
 Individuals
 Society
 Environment
– What is the nature of the risk?
 Fatality / Injury
 Permanent / Temporary Damage
 Financial Loss
MoralLegal
Financial

38. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
ALARP: As Low As Reasonably Practicable

39. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Tolerable Risk Sample – Statistics UK
Activity Probability per
person per year
Travel
Air 2 x 10 -6
Train 3 x 10 –6
Bus 2 x 10 -4
Car 2 x 10 –4
M otorcycle 2 x 10 -2
O ccupation
Chemical Industry 5 x 10 –5
M anufacturing
Shipping 9 x 10 –4
Coal M ining 2 x 10 –4
Agriculture
Boxing
Voluntary
Rock climbing 1.4 x 10 –4
–3

40. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Analyze Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Risk Analysis
(defined by Customer per application)
Analyze Actual
RISK
High
Low

41. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Design Changes
Calculated Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Risk Analysis
(defined by Customer per application)
High
Low

42. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Design Changes
Other Risk Reduction
Calculated Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Risk Analysis
(defined by Customer per application)
Analyze other Layers of
Protection
High
Low

43. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Calculated Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
Bring Risk below
Tolerable
Risk Analysis
(defined by Customer per application)
Design Changes
Other Risk Reduction
High
Low

44. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Calculated Process Risk
(Inherent Risk)
Tolerable Level of Risk
Risk
SIL is measure for
Risk Reduction
Risk Analysis
(defined by Customer per application)
Design Changes
Other Risk Reduction
High
Low

45. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Risk Reduction Factor (RRF) and SIL
High Risk
Low Risk
1/RRF =
PFD

46. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Risk Reduction Factor (RRF) and SIL
1/RRF =
PFD

47. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Risk Reduction Factor (RRF) and SIL

48. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Safety Requirements Specification
• Target SIL
• Functional Description of Each SIF
• Response Time
• Bypass Requirement
...
( IEC 61511-1 clause 10)

49. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Realization Phase

50. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
SIF Design
The SIL achieved is the minimum of:
1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)
2. SILAC : Hardware Fault Tolerance
3. SILCAP:Capability to prevent Systematic Failures (SILCAP)

51. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Probability of Failure on Demand
The SIL achieved is the minimum of:
1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)
2. SILAC : Hardware Fault Tolerance
3. SILCAP:Capability to prevent Systematic Failures (SILCAP)
PFDsensor + PFDmux + PFDinput + PFDmp + PFDOutput + PFDrelay + PFDfe + PDFprocess-connection

52. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
S SD SU
SAFE DETECTED
SAFE UNDETECTED
DANGEROUS
UNDETECTED
DANGEROUS
DETECTED
D DD DU
60%
40%
Divide each failure rate into specific failure modes
IEC 61508-6 Method

53. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Fail Danger: A failure that prevents the safety function from
performing
Fail Safe: Anything that is not Fail Danger
.
NOTE: Definitions refer to single channel architectures.

54. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
SIF Design
The SIL achieved is the minimum of:
1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)
2. SILAC : Hardware Fault Tolerance
3. SILCAP:Capability to prevent Systematic Failures (SILCAP)

55. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Hardware Fault Tolerance: The quantity of failures that can
be tolerated while maintaining the safety function
Architecture
Hardware
Fault
Tolerance
1oo1 0
1oo1D 0
1oo2 1
2oo2 0
2oo3 1
2oo2D 0
1oo2D 1
1oo3 2

56. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Hardware Fault Tolerance: The quantity of failures that can
be tolerated while maintaining the safety function
Architecture
Hardware
Fault
Tolerance
1oo1 0
1oo1D 0
1oo2 1
2oo2 0
2oo3 1
2oo2D 0
1oo2D 1
1oo3 2

57. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Safe Failure Fraction: A measurement of the likelihood of
getting a dangerous failure that is NOT detected by
automatic self diagnositcs
.
NOTE: Definitions refer to single channel architectures.

58. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
IEC 61508 Safe Failure Fraction
SFF =
SD + SU + DD
SD + SU + DD + DU
= 1 -
DU
Total

59. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Example FMEDA 3051S

60. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Example 3051S
Hardware Fault Tolerance: The quantity of failures that can
be tolerated while maintaining the safety function
Architecture
Hardware
Fault
Tolerance
1oo1 0
1oo1D 0
1oo2 1
2oo2 0
2oo3 1
2oo2D 0
1oo2D 1
1oo3 2

61. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
SIF Design
The SIL achieved is the minimum of:
1. SILPFD:Probability of Failure on Demand Average/per hour (PFDAVG /PFH)
2. SILAC : Hardware Fault Tolerance
3. SILCAP:Capability to prevent Systematic Failures (SILCAP)

62. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Certified versus Proven in Use
Certificate
by
Independent
Assessor
Justification
by User

63. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Product Certification
Functional safety certification for devices is accomplished
per IEC 61508
Products are certified to a Safety Integrity Level (SIL)
The result is typically a certificate and a certification report
SIL Certification
Vendor showed
sufficient protection
against Random and
Systematic Failures

64. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Example…
The SIL achieved is the minimum of:
1. SILPFD: SIL2
2. SILAC : SIL1
3. SILCAP: SIL3
The SIL level for this
Safety Instrumented
Function (SIF) is:
???

65. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Example
The SIL achieved is the minimum of:
1. SILPFD: SIL2
2. SILAC : SIL1
3. SILCAP: SIL3
The SIL level for this
Safety Instrumented
Function (SIF) is:
SIL1

66. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Realization Phase

67. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle
Operate and Maintain

68. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
What is…?
Proof Testing: A manually initiated test designed to detect
failure of any part of a SF. Different proof test procedures can
have different levels of effectiveness.
No practical proof
test will detect all
failures

69. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
The IEC 61511 Safety Lifecycle

70. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
“Disabled” Safety is not SAFE!
www.securityincidents.org
revents Safety Shutdown
opriate Control
on system used Microsoft Excel on a PC
orkstation also had Norton anti-virus
are prevented the proper communications
stem. A safety shutdown that should have
Incident with “Certified” Boiler
Anti-Virus Software
Prevents Safety Shutdown
Source www.securityincidents.org

71. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
“Disabled” Safety is not SAFE!
www.securityincidents.org
revents Safety Shutdown
opriate Control
on system used Microsoft Excel on a PC
orkstation also had Norton anti-virus
are prevented the proper communications
stem. A safety shutdown that should have
Explosion of “Certified” Boiler
Anti-Virus Software
Prevents Safety Shutdown
Source www.securityincidents.org
Advanced Technology
introduces
new THREATS?

72. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
exida Functional Integrity Certification™
Functional Integrity Certification™
Functional Safety Certification ™
+
Functional Security Certification ™
“Integrity is doing the right thing,
even if nobody is watching.”
(Anonymous)

73. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Safety is Only as Strong as its Weakest Link
exida

74. Copyright exida Asia Pacific © 2013 AsiaPacific@exida.com
Thank You