Exida IEC 61508 User manual

The document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in any
event for incidental or consequential damages in connection with the application of the document.
© All rights reserved.
IEC 61508 Functional Safety Assessment
Project:
Customer: Valve Automation, Emerson Automation Solutions, Houston, Texas, USA
Contract Number: Q19/11-035
Report No.: EAS 16/06-010 R003
Version V3, Revision R2 Mar 2, 2021
Loren Stewart
© exida EAS 16-06-010 R003 V3R2 CB & G Series Assessment Report.docx T-023 V4R8 exida 80 N. Main St, Sellersville, PA 18960 Page 2 of 21
Management Summary
This report summarizes the results of the functional safety assessment according to IEC 61508 carried out on the G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators
The functional safety assessment performed by exida consisted of the following activities:
- exida assessed the development process used by Emerson Automation Solutions through an audit and review of a detailed safety case against the exida certification scheme, which includes the relevant requirements of IEC 61508. The investigation was executed using subsets of the IEC 61508 requirements tailored to the work scope of the development team.
- exida reviewed and assessed a detailed Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the devices to document the hardware architecture and failure behavior.
- exida performed a detailed Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the devices to document the hardware architecture and failure behavior.
- exida reviewed field failure data to verify the accuracy of the FMEDA analysis.
- exida reviewed the manufacturing quality system in use at Emerson Automation Solutions.
The functional safety assessment was performed to the requirements of IEC 61508: ed2, 2010, SIL 3 for mechanical components. A full IEC 61508 Safety Case was prepared using the exida Safety Case tool as the primary audit tool. Hardware process requirements and all associated documentation were reviewed. Environmental test reports were reviewed. Also, the user documentation (safety manual) was reviewed.
The results of the Functional Safety Assessment can be summarized as follows:
- The audited development process, as tailored and implemented by the Emerson Automation Solutions G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators development project, complies with the relevant safety management requirements of IEC 61508 SIL 3, SC 3 (SIL 3 Capable).
- The assessment of the FMEDA, done to the requirements of IEC 61508, has shown that the G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators can be used in a low demand safety related system in a manner where the PFDavg is within the allowed range for up to SIL 2 (HFT = 0) or SIL 3 (HFT = 1) according to table 2 of IEC 61508-1. The assessment of the FMEDA also shows that the G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators meet the requirements for architectural constraints of an element such that they can be used to implement a SIL 2 safety function (with HFT = 0) or a SIL 3 safety function (with HFT = 1).
This means that the G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators are capable for use in SIL 3 applications in low demand mode, when properly designed into a Safety Instrumented Function per the requirements in the Safety Manual and when using the versions specified in section 3 of this document.
The manufacturer will be entitled to use the Functional Safety Logo.
Table of Contents
Management Summary ................................................................................................... 2
1 Purpose and Scope ................................................................................................... 6
1.1 Tools and Methods used for the assessment ............................................................... 6
2 Project Management .................................................................................................. 7
2.1 exida ............................................................................................................................ 7
2.2 Roles of the parties involved ........................................................................................ 7
2.3 Standards and literature used ...................................................................................... 7
2.4 Reference documents .................................................................................................. 7
2.4.1 Documentation provided by Valve Automation Emerson Automation Solutions . 7
2.4.2 Documentation generated by exida ................................................................... 9
2.5 Assessment Approach ................................................................................................. 9
3 Product Descriptions ................................................................................................ 10
3.1 Hardware Version Numbers ....................................................................................... 10
4 IEC 61508 Functional Safety Assessment Scheme................................................. 11
4.1 Methodology............................................................................................................... 11
4.2 Assessment level ....................................................................................................... 11
5 Results of the IEC 61508 Functional Safety Assessment ........................................ 12
5.1 Lifecycle Activities and Fault Avoidance Measures..................................................... 12
5.1.1 Functional Safety Management ....................................................................... 12
5.1.2 Safety Requirements Specification and Architecture Design ............................ 13
5.1.3 Hardware Design ............................................................................................. 13
5.1.4 Validation ......................................................................................................... 14
5.1.5 Verification ....................................................................................................... 14
5.1.6 Proven In Use .................................................................................................. 14
5.1.7 Modifications.................................................................................................... 14
5.1.8 User documentation......................................................................................... 15
5.2 Hardware Assessment ............................................................................................... 15
6 2020 IEC 61508 Functional Safety Surveillance Audit............................................. 17
6.1 Roles of the parties involved ...................................................................................... 17
6.2 Surveillance Methodology .......................................................................................... 17
6.2.1 Documentation provided by Emerson Automation Solutions ............................ 18
6.2.2 Surveillance Documentation generated by exida............................................. 18
6.3 Surveillance Results ................................................................................................... 19
6.3.1 Procedure Changes ......................................................................................... 19
6.3.2 Engineering Changes ...................................................................................... 19
6.3.3 Impact Analysis ............................................................................................... 19
6.3.4 Field History .................................................................................................... 19
6.3.5 Safety Manual.................................................................................................. 19
6.3.6 FMEDA Update ............................................................................................... 19
6.3.7 Evaluate use of certificate and/or certification mark ......................................... 19
6.3.8 Previous Recommendations ............................................................................ 19
6.4 Surveillance Audit Conclusion .................................................................................... 19
7 Terms and Definitions .............................................................................................. 20
8 Status of the Document ........................................................................................... 21
8.1 Liability ....................................................................................................................... 21
8.2 Version History ........................................................................................................... 21
8.3 Future Enhancements ................................................................................................ 21
8.4 Release Signatures .................................................................................................... 21
1 Purpose and Scope
This document describes the results of the IEC 61508 functional safety assessment of the Valve Automation Emerson Automation Solutions:
G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators
by exida according to the accredited exida certification scheme, which includes the requirements of IEC 61508: ed2, 2010.
The assessment has been carried out based on the quality procedures and scope definitions of exida.
The results of this assessment provide the safety instrumentation engineer with the required failure data as per IEC 61508 / IEC 61511 and confidence that sufficient attention has been given to systematic failures during the development process of the device.
1.1 Tools and Methods used for the assessment
This assessment was carried out using the exida Safety Case tool. The Safety Case tool contains the exida scheme, which includes all the relevant requirements of IEC 61508.
For the fulfillment of the objectives, expectations are defined which build the acceptance level for the assessment. The expectations are reviewed to verify that each single requirement is covered. Because of this methodology, comparable assessments across multiple projects with different assessors are achieved. The arguments for the positive judgment of the assessor are documented within this tool and summarized within this report.
The assessment was planned by exida and agreed with Valve Automation Emerson Automation Solutions.
All assessment steps were continuously documented by exida (see [R1] to [R3]).
2 Project Management
2.1 exida
exida is one of the world’s leading accredited Certification Bodies and knowledge companies, specializing in automation system safety and availability with over 500 years of cumulative experience in functional safety. Founded by several of the world’s top reliability and safety experts from assessment organizations and manufacturers, exida is a global company with offices around the world. exida offers training, coaching, project-oriented system consulting services, safety lifecycle engineering tools, detailed product assurance, cyber-security and functional safety certification, and a collection of on-line safety and reliability resources. exida maintains a comprehensive failure rate and failure mode database on process equipment based on 350 billion hours of field failure data.
2.2 Roles of the parties involved
Valve Automation Emerson Automation Solutions: Manufacturer of the G Series and CB/CBA/CBA300/CBB Series Scotch Yoke Actuators
exida: Performed the hardware assessment
exida: Performed the IEC 61508 Functional Safety Assessment per the accredited exida scheme.
Valve Automation Emerson Automation Solutions originally contracted exida in June 2016 for the IEC 61508 Functional Safety Assessment of the above-mentioned devices.
2.3 Standards and literature used
The services delivered by exida were performed based on the following standards / literature.
[N1] IEC 61508 (Parts 1 - 7): 2010, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
2.4 Reference documents
2.4.1 Documentation provided by Valve Automation Emerson Automation Solutions
[D1] US006029-1, 7/8/2013: ISO 9001:2008 certificate of approval, Emerson Process Management, Houston, Texas, USA; Superseded, see Section 6
[D2] QMS, ISS. 2, Rev 3, 3/23/2016: Global Quality Management System Manual; Superseded, see Section 6
[D3] 14-HS1191666-PDA, 7/31/2014: ABS design assessment certificate, CB Series
[D4] 14-HS1191665-3-PDA: ABS design assessment certificate, G Series